Question 118 of 130 from exam MS-500: Microsoft 365 Security Administration

Question 118 of 130 from exam MS-500: Microsoft 365 Security Administration

Prev Question Next Question

Question

You are creating an Azure AD conditional access policy.

You want to enforce multi-factor authentication for a selected set of users when logging on to sharepoint online.

Which controls should you configure? Select three options.

New Conditional Access policy Control user access based on Conditional ‘Access policy to bring signals together, to make decisions, and enforce organizational policies, Learn more Name * ‘Whizlabs policy] Assignments Users and groups O users and groups selected Cloud apps or actions No cloud apps, actions, or authentication contexts selected Conditions O conditions selected Access controls O controls selected Session G O controls selected

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

Correct Answers: A, B and D

Under Users and groups, you target the selected users:

Control user access based on Conditional ‘Access policy to bring signals together, to make decisions, and enforce organizational policies, Learn more Name* ‘Whizlabs policy v Assignments Users and groups © Specific users included Cloud apps or actions No cloud apps, actions, or authentication contexts selected Control user access based on users and groups assignment for all users, specific groups of users, directory roles, or external guest users Learn more Include O None O aAllusers © Select users and groups Exclude (J All guest and external users ( (1 Directory roles @ Users and groups Conditions O conditions selected Select 1 group Access controls O controls selected Session O controls selected Whizlab-group oo

Under Cloud apps or actions, you select Sharepoint online:

Control user access based on Conditional ‘Access policy to bring signals together, to make decisions, and enforce organizational policies, Learn more Name * Assignments Users and groups Specific users included Cloud apps or actions © 1 app included Conditions O conditions selected Control user access based on all or specific ‘loud apps or actions. Learn more Select what this policy applies to Cloud apps Include O None © allcloud apps © Select apps Exclude Select Office 365 SharePoint Online Office 365 SharePoint Online. ‘90000002-0000-0f1-<a00-0000000000.

Under Grant you select the action that will be enforced, in this case granting access after MFA authentication:

Grant x Control user access enforcement to block or grant access. Learn more © Block access ©@ Grant access @ Require multi-factor authentication © (1 Require device to be marked as compliant © Require Hybrid Azure AD joined device © (J Require approved client app ©. See list of approved client apps Require app protection policy © See list of policy protected client apps Require password change © (C1 Testing terms of use

Option C is incorrect.

Conditions control user access based on signals from conditions like risk, device platform, location, client apps, or device state.

Option E is incorrect.

Sessions Control user access based on session controls to enable limited experiences within specific cloud applications.

To know more about password enabling MFA in Conditional access, please refer to the link below:

Prev Question Next Question