Skip to Content

Microsoft AZ-104: Does Altering User Settings on Multi-Factor Authentication Page Implement Conditional Access for Global Admins?

By: Author Alex Lim

Posted on

Categories Exam

Learn whether modifying user settings on the Azure AD multi-factor authentication page is sufficient to require Global Administrators to use MFA and an Azure AD-joined device when connecting from untrusted locations. Discover the correct way to implement this conditional access policy.

Table of Contents

Question

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) subscription.

You want to implement an Azure AD conditional access policy.

The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.

Solution: You access the multi-factor authentication page to alter the user settings.

Does the solution meet the goal?

A. Yes
B. No

Answer

B. No, the solution does not meet the goal.

Explanation

While the multi-factor authentication page allows you to enable and enforce MFA for users, it does not provide the granular control needed to implement the specific conditional access policy requirements stated in the question.

To properly configure the conditional access policy, you should use the Azure AD Conditional Access blade in the Azure portal. This allows you to:

  1. Target the policy specifically to members of the Global Administrators group
  2. Require both multi-factor authentication and a device condition (Azure AD-joined device)
  3. Set the condition to apply the policy when connecting from untrusted locations

Simply modifying user settings on the multi-factor authentication page is insufficient, as it does not allow you to define the device condition or target the policy based on group membership and untrusted locations. The Azure AD Conditional Access blade provides the necessary controls to meet all the stated requirements for this policy.

The response provides a clear answer (B. No) and a detailed explanation of why modifying user settings on the MFA page does not satisfy the conditional access policy requirements. It also outlines the correct approach using the Azure AD Conditional Access blade and the specific configurations needed to meet the stated goals.

Microsoft AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft AZ-104 exam and earn Microsoft AZ-104 certification.