You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations. What should you do? A. From the Azure portal, modify session control of Policy1. B. From the multi-factor authentication page, modify the user settings. C. From the Azure portal, modify grant control of Policy1. D. From the multi-factor authentication page, modify the service settings.  Suggested Answer: C There are two types of controls: ✑ Grant controls "" To gate access ✑ Session controls "" To restrict access to a session Grant controls oversee whether a user can complete authentication and reach the resource that they're attempting to sign-in to. If you have multiple controls selected, you can configure whether all of them are required when your policy is processed. The current implementation of Azure Active Directory enables you to set the following grant control requirements:Reference: alt="Reference Image" /> Reference: https://blog.lumen21.com/2017/12/15/conditional-access-in-azure-active-directory/ This question is in AZ-103 Microsoft Azure Administrator Exam For getting Microsoft Certified: Azure Administrator Associate Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Microsoft. The website does not contain actual questions and answers from Microsoft's Certification Exams. Trademarks, certification & product names are used for reference only and belong to Microsoft.
Please login or Register to submit your answer
