Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.
You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a
Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor
Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstatesThe provided solution of using Bulk update from the Multi-Factor Authentication portal and providing a CSV file that contains the members of Group1 to enable MFA for those users only will meet the stated goal of enabling MFA for Group1 users only. Therefore, the answer is A - Yes.
Here's why:
Azure Active Directory (Azure AD) is a cloud-based identity and access management service that enables users to authenticate and access resources in the cloud and on-premises. Multi-factor authentication (MFA) is a security feature in Azure AD that requires users to provide two or more forms of authentication to access Azure resources, such as a password and a verification code sent to a phone.
To enable MFA for a specific group of users, such as Group1 in this scenario, there are various methods available in Azure AD, such as Conditional Access policies, security defaults, and the Multi-Factor Authentication portal.
In this solution, the Multi-Factor Authentication portal is used to enable MFA for Group1 users only by selecting Bulk update and providing a CSV file that contains the members of Group1. This method allows for a targeted approach to enable MFA for specific users without affecting other users in the organization who may not require MFA.
Overall, this solution is a valid method to enable MFA for Group1 users only, as it utilizes the Multi-Factor Authentication portal and provides a targeted approach to enabling MFA.