Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company's help desk reports an increase in calls from users who receive MFA requests while they work from the company's main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office.
What should you do?
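A. From Azure Active Directory (Azure AD), configure organizational relationships.
B. From the MFA service settings, create a trusted IP range.
C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
D. From Conditional access in Azure Active Directory (Azure AD), create a named location.
Answer: B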
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here's how to do it:
Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations.
From the top toolbar select Configure MFA trusted IPs.
https://www.kraftkennedy.com/implementing-azure-multi-factor-authentication/
The correct answer is D. From Conditional access in Azure Active Directory (Azure AD), create a named location.
Explanation: Multi-factor authentication (MFA) is a security feature in Azure that requires users to provide additional authentication factors, such as a code or confirmation on a mobile device, in addition to their username and password when they sign in to Azure resources. While this is a powerful security feature, it can also cause inconvenience to users when they are constantly prompted for MFA, especially when they are working from a trusted location, such as the company's main office.
To prevent users from receiving MFA requests when they sign in from the main office, you can create a named location in Azure Active Directory (Azure AD). A named location is a way to define a trusted network location based on a public IP address range or a private IP address range. When users sign in to Azure from a named location, they are not prompted for MFA, since Azure recognizes the location as a trusted network.
Here are the steps to create a named location in Azure AD:
Once the named location is created, you can create a Conditional access policy that uses the named location as a condition for not prompting users for MFA when they sign in from the main office. To do this, follow these steps:
With this policy in place, users who sign in from the main office location will not be prompted for MFA, since they are recognized as coming from a trusted network. Users who sign in from other locations will still be prompted for MFA, providing an additional layer of security.
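The named location and the policy that excludes it can also be expressed as Microsoft Graph request bodies. The following is an added example, not part of the original page: the display names, the placeholder location id and the documentation-range addresses are constructed, and `requires_mfa` is a simplified local model of the location condition only, not the service's own evaluation.

```python
import ipaddress
import json

GRAPH = "#microsoft.graph."

def named_location(display_name, cidrs, trusted=True):
    """Body for POST /identity/conditionalAccess/namedLocations."""
    ranges = []
    for cidr in cidrs:
        # strict=True rejects entries with host bits set, e.g. 203.0.113.5/24
        net = ipaddress.ip_network(cidr, strict=True)
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": GRAPH + kind, "cidrAddress": str(net)})
    return {"@odata.type": GRAPH + "ipNamedLocation",
            "displayName": display_name, "isTrusted": trusted, "ipRanges": ranges}

def mfa_policy(excluded_location_ids, state="enabledForReportingButNotEnforced"):
    """Body for POST /identity/conditionalAccess/policies.
    Report-only by default; set state="enabled" after reviewing sign-in logs."""
    return {
        "displayName": "Require MFA except from main office",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": list(excluded_location_ids)},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

def requires_mfa(policy, locations_by_id, sign_in_ip):
    """Would the policy, once enabled, demand MFA for this source IP?"""
    ip = ipaddress.ip_address(sign_in_ip)
    for loc_id in policy["conditions"]["locations"]["excludeLocations"]:
        for r in locations_by_id[loc_id]["ipRanges"]:
            net = ipaddress.ip_network(r["cidrAddress"])
            if ip.version == net.version and ip in net:
                return False  # sign-in comes from an excluded named location
    return "mfa" in policy["grantControls"]["builtInControls"]

# Constructed sample data: placeholder id and documentation address ranges.
OFFICE_ID = "00000000-0000-0000-0000-000000000001"
OFFICE = named_location("Main office", ["203.0.113.0/24", "2001:db8:10::/48"])
POLICY = mfa_policy([OFFICE_ID])

if __name__ == "__main__":
    print(json.dumps({"namedLocation": OFFICE, "policy": POLICY}, indent=2))
    for src in ("203.0.113.77", "198.51.100.9", "2001:db8:10::5"):
        print(src, "-> MFA required:", requires_mfa(POLICY, {OFFICE_ID: OFFICE}, src))
```

In a real tenant the id passed to `excludeLocations` is the one returned when the named location is created.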
Answer options A, B, and C are incorrect:
A. From Azure Active Directory (Azure AD), configure organizational relationships. Organizational relationships are a way to allow users in one Azure AD tenant to access resources in another Azure AD tenant. This is not relevant to preventing MFA prompts for users in a specific location.
B. From the MFA service settings, create a trusted IP range. While creating a trusted IP range is similar to creating a named location, it only applies to the MFA service itself, not to other Azure resources. This means that users who sign in to Azure resources other than the MFA service would still be prompted for MFA, even if they are signing in from a trusted IP range.
C. From Conditional access in Azure Active Directory (Azure AD), create a custom control. Creating a custom control in Conditional access allows you to define a specific condition that must be met for users to access Azure resources. However, this does not address the specific issue of preventing MFA prompts for users in a specific location.