AZ-104 · Question #396
AZ-104 Question #396: Real Exam Question with Answer & Explanation
The correct answer is B: the multi-factor authentication service settings.. To enforce that administrators use a verification code and can only access the Azure portal from the on-premises network, you should configure the multi-factor authentication service settings.
Question
You have an Azure Active Directory (Azure AD) tenant. All administrators must enter a verification code to access the Azure portal. You need to ensure that the administrators can access the Azure portal only from your on- premises network. What should you configure?
Options
- Aan Azure AD Identity Protection user risk policy.
- Bthe multi-factor authentication service settings.
- Cthe default for all the roles in Azure AD Privileged Identity Management
- Dan Azure AD Identity Protection sign-in risk policy
Explanation
To enforce that administrators use a verification code and can only access the Azure portal from the on-premises network, you should configure the multi-factor authentication service settings.
Common mistakes.
- A. An Azure AD Identity Protection user risk policy focuses on detecting and remediating compromised user accounts, not on enforcing access from specific network locations.
- C. Configuring the default for roles in Azure AD Privileged Identity Management (PIM) primarily manages just-in-time access and approval workflows for privileged roles, not network location restrictions for access.
- D. An Azure AD Identity Protection sign-in risk policy assesses the risk of a sign-in attempt and can trigger MFA or block access, but it doesn't directly enforce access only from a specific on-premises network range.
Concept tested. Azure MFA trusted IPs and location-based access control
Reference. https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-trusted-ips
Community Discussion
No community discussion yet for this question.