Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your company uses Microsoft Entra ID (Azure AD) to secure access to Azure resources. Users must perform multi-factor authentication (MFA) when they sign in from any network except the corporate office public IP range 131.107.10.0/24. While in the office, users should not be prompted for MFA. You need a tenant-wide solution that avoids managing MFA settings on individual accounts. What should you configure to meet the requirements?
Enable the Azure AD Identity Protection user-risk policy and set the response action to require MFA.
Create a Conditional Access policy that requires MFA for all users and excludes a named location containing the 131.107.10.0/24 IP range.
Enable per-user MFA for all users and configure the office IP range as a trusted IP in classic MFA settings.
Turn on Security defaults for the Azure AD tenant.
A Conditional Access policy can target all users, set the Grant control to Require multi-factor authentication, and exclude a named location that lists the office IP range as a trusted location. With this approach, any sign-in originating from outside the trusted range triggers MFA, while sign-ins from the corporate network are allowed without additional prompts. Security defaults always apply the same baseline rules and cannot be customized to ignore specific IP ranges. Enabling per-user MFA would require you to manage the setting on every account and is considered a legacy approach. The Azure AD Identity Protection user-risk policy is driven by calculated risk levels, not by network location, so it cannot selectively enforce MFA based solely on IP address.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Conditional Access policy in Azure AD?
Open an interactive chat with Bash
What is a named location in Conditional Access policy, and how can it be used?
Open an interactive chat with Bash
Why is enabling per-user MFA considered a legacy approach?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .