nerdexam
Microsoft

MB-700 · Question #138

A company uses Dynamics 365 Supply Chain Management. The company has offices in several geographic regions. Users must only be allowed to access the system from IP addresses that are associated with t

The correct answer is B. Azure Active Directory Conditional Access. Restricting access to Dynamics 365 SCM based on geographic IP address ranges requires Azure Active Directory Conditional Access, which enforces network location policies at authentication time.

Architect solutions

Question

A company uses Dynamics 365 Supply Chain Management. The company has offices in several geographic regions. Users must only be allowed to access the system from IP addresses that are associated with the regions where the company has offices. You need to set up security for the company. What should you set up?

Options

  • AEnable Session management
  • BAzure Active Directory Conditional Access
  • CExtensible Data Security policies (XDS)
  • DSecurity policy
  • EAssign user roles

How the community answered

(53 responses)
  • A
    2% (1)
  • B
    85% (45)
  • C
    8% (4)
  • D
    2% (1)
  • E
    4% (2)

Why each option

Restricting access to Dynamics 365 SCM based on geographic IP address ranges requires Azure Active Directory Conditional Access, which enforces network location policies at authentication time.

AEnable Session management

Session management controls session timeout durations and cookie behavior, not the network addresses from which users are permitted to authenticate.

BAzure Active Directory Conditional AccessCorrect

Azure Active Directory Conditional Access allows administrators to define named locations based on IP address ranges corresponding to the company's office regions. Policies can then be enforced to block any authentication attempt that originates from an IP address outside those approved locations before the user reaches the Dynamics 365 application.

CExtensible Data Security policies (XDS)

Extensible Data Security (XDS) policies restrict which data records a user can view within the application based on security policies, not the network location from which they connect.

DSecurity policy

Security policies in Dynamics 365 define row-level data access rules tied to user context, not IP address or network-based authentication restrictions.

EAssign user roles

Assigning user roles controls which features and data a user can access inside the application but does not restrict the network locations from which authentication is permitted.

Concept tested: Azure AD Conditional Access IP-based location restriction

Source: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions#locations

Topics

#Azure AD Conditional Access#IP restrictions#Access control#Dynamics 365 Security

Community Discussion

No community discussion yet for this question.

Full MB-700 Practice