Medium · 1 mark · Multiple Choice
AZ-305 · Question 06 · Domain 1.2: Authentication and Authorization
An enterprise company is implementing a Zero Trust security model for its Azure environment and Microsoft 365 applications.
The security team mandates that any user attempting to access the Azure Portal must meet BOTH of the following conditions:
- The user must successfully complete Multi-Factor Authentication (MFA).
- The user's device must be managed by Microsoft Intune and marked as compliant with corporate security baselines.
Which TWO components must you configure to enforce these requirements? (Select TWO)
Answer options:
A. A Microsoft Entra Conditional Access policy
B. Microsoft Entra Identity Protection
C. Microsoft Intune compliance policies
D. Azure Role-Based Access Control (RBAC)
E. Microsoft Entra Privileged Identity Management (PIM)
How to approach this question
Identify the engine that enforces access controls (Conditional Access) and the system that determines device health (Intune).
Full Answer
A Microsoft Entra Conditional Access policy, Microsoft Intune compliance policies
To enforce device compliance, Microsoft Intune must be used to define compliance policies (e.g., requiring BitLocker, minimum OS version). Intune evaluates the device and sends the compliance status to Microsoft Entra ID. Then, a Microsoft Entra Conditional Access policy acts as the gatekeeper, configured to grant access to the 'Microsoft Azure Management' cloud app only if the user satisfies MFA AND the device is marked as compliant.
Common mistakes
Confusing Identity Protection (risk-based) with Conditional Access (rule-based enforcement).