Azure Virtual Desktop: Conditional Access Policy for Multi-Factor Authentication

Eliminating MFA Requirement for Azure Virtual Desktop Authentication from Corporate Network

Question

A conditional access policy is implemented to enforce multi-factor authentication (MFA) when logging into the Azure Virtual Desktop.

The company wants the MFA requirement to be eliminated/disabled when a user authenticates from the corporate network.

Which of the following options will help in meeting the company's requirements? (Select all that are applicable)

Answers

Explanations


Correct Answers: A and B

The public IP of the corporate network can be added as a multi-factor authentication (MFA) trusted IP or added to a trusted IP range location (a named location marked as trusted).

These trusted locations can then be added as an exclusion to the Conditional Access policy's location condition.

Option A is correct.

Adding the public IP as an MFA trusted IP and then adding an exception for the trusted locations in the policy will help in eliminating MFA requirements when a user authenticates from the corporate network.

Option B is correct.

Adding the public IP as a trusted IP range location and then adding an exception for the trusted locations in the policy will help in eliminating MFA requirements when a user authenticates from the corporate network.

Option C is incorrect.

Setting an exclusion in security defaults won't help in meeting the company's requirements.

Option D is incorrect.

Setting an exclusion in security defaults won't help in meeting the company's requirements.

Option E is incorrect.

Adding the public IP of the corporate network as a multi-factor authentication (MFA) trusted IP or to a trusted IP range location and then setting an exclusion in security defaults won't help in meeting the company's requirements.
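As an added example (not part of the original page or any Microsoft documentation), the Microsoft Graph PowerShell SDK commands that implement options A and B: a trusted named location for the corporate public IP range, and a Conditional Access policy that requires MFA for Azure Virtual Desktop everywhere except trusted locations. The CIDR, the Azure Virtual Desktop application ID and the break-glass account ID are placeholders to replace with your own values.

```powershell
# Added example: implements options A/B with the Microsoft Graph PowerShell SDK.
# Placeholder values are marked; nothing here is taken from the original page.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$corporateCidr = '203.0.113.0/24'                        # constructed: your corporate public egress range
$avdAppId      = '<azure-virtual-desktop-app-id>'        # placeholder: AVD enterprise application ID
$breakGlassId  = '<emergency-access-account-object-id>'  # placeholder: keep emergency access out of scope

# 1. Trusted IP range location for the corporate network (option B).
#    isTrusted = $true makes it part of "All trusted locations" in Conditional Access.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Corporate network'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $corporateCidr }
    )
}

# 2. Conditional Access policy: MFA for AVD from any location except trusted ones.
#    'AllTrusted' covers trusted named locations and the legacy MFA trusted IPs (option A),
#    so the same exclusion satisfies both options.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = 'AVD - require MFA outside corporate network'
    state       = 'enabledForReportingButNotEnforced'   # report-only first; switch to 'enabled' after review
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @($avdAppId) }
        clientAppTypes = @('all')
        locations      = @{ includeLocations = @('All'); excludeLocations = @('AllTrusted') }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# 3. Read the policy back and confirm the location exclusion is in place.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id |
    Select-Object DisplayName, State,
        @{ n = 'TrustedLocation';   e = { $location.DisplayName } },
        @{ n = 'ExcludedLocations'; e = { $_.Conditions.Locations.ExcludeLocations } }
```

Leave the policy in report-only mode until the sign-in logs show corporate-network sign-ins to AVD being evaluated without the MFA grant and off-network sign-ins being challenged, then set `state` to `enabled`.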

Reference:

To know more about location conditions in a Conditional Access Policy, please visit the below-given link:

The company wants to disable the multi-factor authentication (MFA) requirement for users who are authenticating from the corporate network, while still enforcing MFA for users outside the corporate network. In Azure Virtual Desktop (AVD), this can be achieved through Conditional Access policies.

Option A suggests adding the public IP as an MFA trusted IP and then adding an exception for the trusted locations in the policy. However, this option is incorrect because it does not address the scenario where users are logging in from the corporate network.

Option B suggests adding the public IP as a trusted IP range location and then adding an exception for the trusted locations in the policy. This option is also incorrect because it does not consider the fact that the company wants MFA to be disabled for users logging in from the corporate network.

Option C suggests adding the corporate public IP as a trusted IP range location and then setting an exclusion in security defaults. This option is incorrect because the security defaults apply to the entire organization and cannot be customized for a specific location. Additionally, the trusted IP range location only applies to network traffic and does not affect MFA requirements.

Option D suggests adding the corporate public IP as an MFA trusted IP and then setting an exclusion in security defaults. This is the correct option as it addresses the requirement of disabling MFA for users logging in from the corporate network. By adding the corporate public IP as an MFA trusted IP, AVD recognizes that users are logging in from a trusted network and does not require them to go through the MFA process. The exclusion in security defaults ensures that MFA is still enforced for users logging in from other networks.

Therefore, the correct answer is option D: adding the corporate public IP as an MFA trusted IP and then setting an exclusion in security defaults.