The Tamilat Corporation has a partnership with the Verigon Corporation. Both Tamilat and Verigon have multi-factor authentication (MFA) capabilities. Wendy, a user at Verigon, needs access to an application in Tamilat named the AT application.

The Tamilat Corporation has a partnership with the Verigon Corporation. Both Tamilat and Verigon have multi-factor authentication (MFA) capabilities. Wendy, a user at Verigon, needs access to an application in Tamilat named the AT application.

Which of the following should you configure to ensure that Wendy can access the AT application? (Choose three.)

A) Configure MFA access for the AT application in Tamilalt.

B) Ensure that Verigon has sufficient Premium Azure AD licenses that support MFA.

C) Ensure that Tamilat has sufficient Premium Azure AD licenses that support MFA.

D) Configure MFA access for the AT application in Verigon.

E) Create a policy named MFA policy on the AT application under Conditional Access. Under Conditions, choose Require multi-factor authentication under Allow access.

F) Create a policy named MFA policy on the AT application under Conditional Access. Under Controls, choose Require multi-factor authentication under Allow access.

Explanation

You would do the following:

• Configure MFA access for the AT application in Tamilalt.
• Create a policy named MFA policy on the AT application under Conditional Access. Under Controls, choose Require multi-factor authentication under Allow access.
• Ensure that Tamilalt has sufficient Premium Azure AD licenses that support MFA.

To configure MFA on an application, you must find the application in Azure in the tenant that contains it. In this scenario, Tamilalt owns the AT application. You would choose Conditional Access under the application and click Add to create a policy. Once the policy is created, you can create assignments to grant users and groups access to the application. You can select the All Guest Users to allow access to external users or find a specific user. You can choose to specify conditions on device platforms, client apps, or locations. If you choose locations, you can allow users from any location or only allow users from trusted IPs. The Controls section of the policy allows you to block or allow access. If you choose to allow access, you can require multi-factor authentication.

Even though Tamilalt and Verigon have MFA capabilities, MFA policies are enforced at the resource organization, which is Tamilalt because it owns the AT application. When Wendy from Verigon attempts to access the AT application in the Tamilalt tenant, she will be asked to complete an MFA challenge. Wendy can set up her MFA with Tamilalt and choose their MFA option.

As Tamilalt owns the application, they must have sufficient Premium Azure AD licenses that support MFA, not Verigon. Wendy, the user from Verigon, consumes one of these licenses from Tamilalt.

 

Objective:

Describe identity, governance, privacy, and compliance features

Sub-Objective:

Describe core Azure identity services

References:

Microsoft Docs > Azure > Active Directory > Conditional access for B2B collaboration users

Microsoft Docs > Azure > Active Directory > Privileged Identity Management > Multi-factor authentication and Privileged Identity Management