MD-102 · Question #282
MD-102 Question #282: Real Exam Question with Answer & Explanation
The correct answer is D: Add a condition in CAPolicy1 to filter for devices.. To enforce a Conditional Access policy that blocks access from iOS devices, the policy's conditions must explicitly target iOS platforms.
Question
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table. You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1. You discover that User1 can still connect to Exchange Online from an iOS device. You need to ensure that CAPolicy1 is enforced. What should you do?
Options
- AConfigure a new terms of use (TOU).
- BAssign CAPolicy1 to Group2.
- CEnable CAPolicy1.
- DAdd a condition in CAPolicy1 to filter for devices.
Explanation
To enforce a Conditional Access policy that blocks access from iOS devices, the policy's conditions must explicitly target iOS platforms.
Common mistakes.
- A. Configuring a new terms of use (TOU) is unrelated to blocking access based on device platform in a Conditional Access policy.
- B. Assigning CAPolicy1 to Group2 would only affect users in Group2; if User1 is in Group1, assigning to Group2 does not resolve the enforcement issue for User1.
- C. While a policy must be enabled to be enforced, the problem states the policy 'will block access... from iOS devices,' implying the specific condition for iOS devices might be missing or misconfigured within the policy despite its description, rather than the entire policy being off.
Concept tested. Conditional Access policy device platform conditions
Community Discussion
No community discussion yet for this question.