Microsoft AZ-220: Implement multi-factor device authentication by using custom device authentication.

Question

You have an Azure IoT solution. You need to implement multi-factor device authentication by using custom device authentication. What should you do first?

A. Create an Azure Policy definition for Azure IoT Hub.
B. Enable multi-factor authentication (MFA) for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.
C. Create a service endpoint policy.
D. Deploy a security token service.

Answer

B. Enable multi-factor authentication (MFA) for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

Explanation

The correct answer is B. Enable multi-factor authentication (MFA) for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

Multi-factor authentication (MFA) is a security feature that requires users to provide two or more pieces of evidence to authenticate themselves. This helps to protect your Azure IoT solution from unauthorized access.

To implement MFA for custom device authentication, you first need to enable MFA for Azure AD. Once MFA is enabled, you can create a custom device authentication policy that requires devices to use MFA to connect to your Azure IoT Hub.

The other options are incorrect for the following reasons:

  • Option A creates an Azure Policy definition for Azure IoT Hub. However, this option does not enable MFA for Azure AD.
  • Option C creates a service endpoint policy. However, this option does not enable MFA for Azure AD.
  • Option D deploys a security token service. However, this option does not enable MFA for Azure AD.

Therefore, the only option that will correctly implement MFA for custom device authentication is B. Enable multi-factor authentication (MFA) for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

To enable MFA for Azure AD:

  1. In the Azure portal, go to the Azure Active Directory blade.
  2. In the left navigation, select Security.
  3. In the Multi-factor authentication section, select Enable.
  4. Follow the instructions to enable MFA for your users.

Once MFA is enabled, you can create a custom device authentication policy that requires devices to use MFA to connect to your Azure IoT Hub. To do this:

  1. In the Azure portal, go to the Azure IoT Hub blade.
  2. In the left navigation, select Device Authentication.
  3. In the Custom device authentication section, select Create policy.
  4. In the Policy name field, enter a name for your policy.
  5. In the Policy definition section, select Require MFA.
  6. Select Save.

Your custom device authentication policy will now require devices to use MFA to connect to your Azure IoT Hub.
