Implementing Multi-factor Authentication for Microsoft 365 Security in Sweden | Exam MS-500

Enforcing Multi-factor Authentication for Microsoft 365 Security in Sweden

Prev Question Next Question

Question

Your organization has a Microsoft 365 subscription, and you are responsible for implementing security methods.

Due to security reasons you wish to enforce Multi-factor authentication for all sign-in attempts that are originating from Sweden.

You will use Conditional Access to create the solution.

What should you configure?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B

You should define a named location in Conditional Access.

Here you can add Sweden as a named location.

Home > Conditional Access «>» Conditional Access | Named locations ‘Azure Active Directory « ++ Countries location | ++ 1P ranges location Configure MFA trusted IPs Policies © insights and reporting Named locations are used by Azure AD security reports to reduce false positives and % Diagnose and solve problems Location type : All types Trusted type : All types Manage [2 search names “> Named locations Name @ Custom controls (Preview) No named locations found. &% Terms of use VEN connectivity
New location (Countries) © only v4 adcresses are mapped to countis/regions.Pv6 SS GEnce Ee OnE Srurea SS LJ swaziland C1 sweden C1 switzerland OO sya

Give the Named location policy a name.

Lastly create a new conditional access policy with conditions - locations - your named location settings:

New Conditional Access policy Control user access based on Conditional Access policy to bring signals together, to make decisions, and enforce organizational policies. Learn more Name * MFA for Sweden Control user access based on signals from Control user access based on their physical conditions like risk, device platform, location, _ location, Learn more client apps, or device state, Learn more Configure User risk C Not configured Include Exclude Assignments Users and groups ( All users Cloud apps or actions All cloud apps Conditions © 1 condition selected ‘Access controls Grant 1 control selected Session 0 controls selected Sign-in risk © Any location Not configured © Alltrusted locations Device platforms © Selected locations Not configured Select Locations © MFA for Sweden 1 included Client apps MFA for Sweden : Not configured Device state (Preview) C Not configured Filters for devices (Preview) Not configured

Option A is incorrect.

This is an identity protection policy.

Option C is incorrect.

Making a role eligible in privileged access management is not correct.

Also we are to use Conditional access.

Option D is incorrect.

This is an identity protection policy.

To know more about conditional access named locations, please refer to the link below:

The correct answer for this scenario is A. A User Sign-in policy.

Explanation:

To enforce multi-factor authentication for all sign-in attempts originating from Sweden, we can create a User Sign-in policy with a Conditional Access rule. A User Sign-in policy is a set of rules that defines the user authentication experience, which includes password policies, user account lockout policies, and other settings that impact user sign-in.

We can create a Conditional Access policy to enforce multi-factor authentication for users signing in from specific locations. To do this, we can create a new policy with the following settings:

  1. Assign the policy to a specific group of users or to all users in the organization.

  2. Select the condition "Locations" and choose the location Sweden.

  3. Select the action "Require multi-factor authentication".

  4. Configure any other additional settings as required, such as allowing access for trusted devices or excluding specific applications.

Once the policy is created, it will apply to all sign-in attempts originating from Sweden and require multi-factor authentication.

Option B, a Named location, could be used to define the geographical location of Sweden. However, it is not sufficient to enforce multi-factor authentication for sign-in attempts from Sweden.

Option C, enabling an eligible role access through PIM, is not relevant to this scenario.

Option D, a User Risk Policy, is used to detect risky sign-ins and can be used in conjunction with Conditional Access policies. However, it does not enforce multi-factor authentication for specific locations.

Prev Question Next Question