MS-102 Question #154: Real Exam Question with Answer & Explanation

Question

Your company has a Microsoft Entra tenant named contoso.com and a Microsoft 365 subscription. All users use Windows 10 devices to access Microsoft Office 365 apps. All the devices are in a workgroup. You plan to implement password less sign-in to contoso.com. You need to recommend changes to the infrastructure for the planned implementation. What should you include in the recommendation?

Options

• AJoin all the devices to contoso.com.
• BDeploy Microsoft Entra Application Proxy.
• CDeploy X.509.3 certificates to all the users.
• DDeploy the Microsoft Authenticator app.

Explanation

For users on workgroup Windows 10 devices accessing Microsoft 365, deploying the Microsoft Authenticator app is the most effective and straightforward recommendation for implementing passwordless sign-in.

Common mistakes.

• A. Joining all devices to contoso.com (Azure AD Join) would enable Windows Hello for Business for passwordless sign-in, but it represents a significant infrastructure change for workgroup devices and is not the simplest direct recommendation for passwordless access to Microsoft 365 apps.
• B. Microsoft Entra Application Proxy is used to provide secure remote access to on-premises web applications for external users, and it does not directly facilitate passwordless sign-in for Microsoft 365 apps.
• C. Deploying X.509.3 certificates for certificate-based authentication (CBA) can offer passwordless sign-in, but it is a complex and resource-intensive solution for a workgroup environment compared to simply deploying the Authenticator app.

Concept tested. Microsoft Entra passwordless authentication methods

Reference. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone

No community discussion yet for this question.