Implementing Multi-Factor Authentication for Remote Locations

Multi-Factor Authentication Methods for Remote Locations

Question

You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity.

While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

Answers

Explanations


A. B. C. D.

C.

In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices.

This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user's device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN.

The user provides the gesture to verify their identity.

Windows then uses Windows Hello to authenticate users.
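A readiness check for the device-bound Windows Hello credential described above, added here as an example and not part of the original page: it parses captured `dsregcmd /status` output and reports what would stop a user from signing in with a Hello gesture. The sample output is constructed, and the function names, the three fields checked and the requirement that the device be joined are assumptions of this example.

```python
import re

# Constructed, trimmed sample of `dsregcmd /status` output (not from a real device).
SAMPLE_STATUS = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+
              TpmProtected : YES
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
"""

# Matches "   FieldName : value" lines; banner and separator lines have no match.
FIELD_RE = re.compile(r"^[ \t]*(\w+)[ \t]*:[ \t]*(.+?)[ \t]*$", re.M)

# Field -> finding reported when the field is missing or not YES.
# Assumption: the deployment expects joined, TPM-backed devices.
CHECKS = {
    "AzureAdJoined": "device is not joined to the tenant",
    "TpmProtected": "device key is not protected by a hardware TPM",
    "NgcSet": "no Windows Hello key is set for the signed-in user",
}

def parse_status(text):
    """Return {field: value} for every 'name : value' line in the output."""
    return dict(FIELD_RE.findall(text))

def hello_findings(text):
    """Return {field: finding} for each check that fails; empty means ready."""
    fields = parse_status(text)
    return {
        name: message
        for name, message in CHECKS.items()
        if fields.get(name, "").upper() != "YES"
    }

if __name__ == "__main__":
    for name, message in hello_findings(SAMPLE_STATUS).items():
        print(f"{name}: {message}")
```

Running the check before users travel shows who still has to complete enrollment, which itself needs the initial two-step verification.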

Incorrect Answers:

A: The Microsoft Authenticator app requires a mobile phone that runs Android or iOS.

B: An app password can be used to open an application but it cannot be used to sign in to a computer.

D: SMS requires a mobile phone.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

When implementing multi-factor authentication (MFA) in a Microsoft 365 tenant, you must consider the different scenarios in which users may need to authenticate. In this case, the users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity, but they connect their laptop to a wired network that has internet access. Therefore, the MFA authentication method that can be used from the remote location needs to be able to work without a Wi-Fi or mobile phone connection.

The available options are:

A. A notification through the Microsoft Authenticator app: This method requires a mobile device and an internet connection to receive the notification. Since the users in this scenario may not have access to a Wi-Fi or mobile phone connection, this method may not be practical.

B. An app password: This method allows users to create a unique password that can be used to sign in to apps and devices that do not support modern authentication, such as older versions of Office applications. While this method does not require a Wi-Fi or mobile phone connection, it is less secure than other MFA methods and should only be used as a last resort.

C. Windows Hello for Business: This method allows users to use a PIN or biometric gesture to sign in to Windows devices. Windows Hello for Business requires a device that supports Windows Hello and meets the hardware and software requirements. While this method does not require a Wi-Fi or mobile phone connection, it may not be practical if the users are not using Windows devices or if their devices do not meet the requirements for Windows Hello.

D. SMS: This method sends a text message to the user's mobile phone with a code that must be entered during the sign-in process. Since the users in this scenario have mobile phones, this method could be a practical solution. However, it is important to note that SMS-based authentication has been found to be less secure than other MFA methods because SMS messages can be intercepted.

In summary, the MFA authentication method that can be used from the remote location in this scenario is SMS, as it can be used without a Wi-Fi connection and the users have mobile phones. However, it is important to consider the security implications of using SMS-based authentication and to encourage users to use more secure methods whenever possible.