MS-102 · Question #305
MS-102 Question #305: Real Exam Question with Answer & Explanation
The correct answer is C: Enforce attestation. Set Enforce attestation to Yes if your organization wants to be assured that a FIDO2 security key model or passkey provider is genuine and comes from the legitimate vendor: For FIDO2 security keys, we require security key metadata to be published and verified with the FIDO Allian
Question
You have a Microsoft 365 E5 subscription. You plan to implement an authentication policy that will user FIDO2 security key as a user authentication method. You need to ensure that during enrollment, each FIDO2 security key is verified by using the FIDO Alliance Metadata Service. Which setting should you enable?
Options
- AAllow self-service setup
- BRestrict specific keys
- CEnforce attestation
- DEnforce key restrictions
Explanation
Set Enforce attestation to Yes if your organization wants to be assured that a FIDO2 security key model or passkey provider is genuine and comes from the legitimate vendor: For FIDO2 security keys, we require security key metadata to be published and verified with the FIDO Alliance Metadata Service, and also pass Microsoft's another set of validation testing. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-passkey-fido2
Topics
Community Discussion
No community discussion yet for this question.