Selecting Authentication Methods for MFA and SSPR | Microsoft AZ-303 Exam

Authentication Methods for MFA and SSPR

Q: You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication(MFA) in Azure Active Directory (Azure AD).You need to select authentication mechanisms that can be used for both MFA and SSPR.Which two authentication methods should you use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

Authenticator appShort Message Service (SMS) messages

Prev Question Next Question

Question

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication

(MFA) in Azure Active Directory (Azure AD).

You need to select authentication mechanisms that can be used for both MFA and SSPR.

Which two authentication methods should you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

A. Authenticator app

B. Email addresses

C. App passwords

D. Short Message Service (SMS) messages

E. Security questions

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

The following authentication mechanisms can be used for both MFA and SSPR:

-> Short Message Service (SMS) messages

-> Azure AD passwords

-> Microsoft Authenticator app

-> Voice call

Incorrect Answers:

B, E: The following authentication mechanisms are used for SSPR only:

-> Email addresses

-> Security questions

E: App passwords authentication mechanisms can be used for MFA only, but only in certain cases.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

To implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD), you should select authentication mechanisms that can be used for both. The two authentication methods that can be used for both MFA and SSPR are:

A. Authenticator app: An authenticator app is a mobile app that generates time-based one-time passwords (TOTP) or push notifications that users can use to authenticate their identity. It can be used for MFA and SSPR. With SSPR, the authenticator app can be used to verify the user's identity during the password reset process.

D. Short Message Service (SMS) messages: SMS messages are sent to the user's mobile phone to verify their identity. SMS can be used for both MFA and SSPR. With SSPR, SMS messages can be used to send verification codes to the user's mobile phone during the password reset process.

B. Email addresses: Email addresses can be used to verify the user's identity for both MFA and SSPR. With SSPR, the user can receive a verification email that contains a link to reset their password.

C. App passwords: App passwords are used to authenticate applications that do not support modern authentication protocols, such as OAuth. App passwords can be used for MFA, but not for SSPR.

E. Security questions: Security questions can be used for SSPR, but not for MFA. Users can answer security questions to verify their identity and reset their password.

In summary, you should use authenticator app and SMS messages as authentication methods that can be used for both MFA and SSPR. Email addresses can also be used for both, while security questions can only be used for SSPR. App passwords can be used for MFA but not SSPR.

Prev Question Next Question