Enable Two-Step Verification for Azure Users

A

The correct answer is A. Create an Azure AD conditional access policy.

Two-step verification, also known as multi-factor authentication (MFA), is an important security feature that adds an extra layer of protection to user accounts by requiring users to provide two forms of authentication when signing in.

To enable two-step verification for Azure users in an Azure AD tenant, you can create an Azure AD conditional access policy. This policy allows you to define conditions under which users are required to provide two-step verification, such as when accessing Azure resources from outside the corporate network or from a new device.

To create a conditional access policy for two-step verification in Azure AD, follow these steps:

1. Sign in to the Azure portal with your global administrator credentials.

2. Navigate to the Azure Active Directory blade and select the Conditional Access option.

3. Click on the New policy button to create a new policy.

4. Provide a name for the policy and select the users and groups to which it applies.

5. Define the conditions under which two-step verification is required, such as based on user location, device type, or application being accessed.

6. Configure the required factors for authentication, such as a phone number or mobile app.

7. Save the policy and test it to ensure that it works as expected.

It is important to note that enabling two-step verification through a conditional access policy may not be sufficient for all scenarios. Depending on your organization's security requirements, you may also need to consider other options such as Azure AD Privileged Identity Management or an MFA Server. However, creating a conditional access policy is a good first step towards improving the security of your Azure environment.