You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain. Your company has a line-of-business (LOB) applicati...
Microsoft AZ-305 Exam
Questions Number: 160 out of 268 Questions
59.70%
Question 160
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain. Your company has a line-of-business (LOB) application that was developed internally. You need to implement SAML single sign-on (SSO) and enforce multi-factor authentication (MFA) when users attempt to access the application from an unknown location. Which two features should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
D: The signals generated by and fed to Identity Protection, can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation based on your organization's enforced policies. Note: Identity Protection is a tool that allows organizations to accomplish three key tasks: Automate the detection and remediation of identity-based risks. Investigate risks using data in the portal. Export risk detection data to your SIEM. E: The location condition can be used in a Conditional Access policy. Conditional Access policies are at their most basic an if-then statement combining signals, to make decisions, and enforce organization policies. One of those signals that can be incorporated into the decision-making process is location. Organizations can use this location for common tasks like: * Requiring multi-factor authentication for users accessing a service when they're off the corporate network. * Blocking access for users accessing a service from specific countries or regions. The location is determined by the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app. Conditional Access policies by default apply to all IPv4 and IPv6 addresses. Incorrect: Not A: Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
KANNIBALAMK - 10 months, 18 days ago
Correct - Azure AD enterprise applications and Conditional Access
