Microsoft 365 Administrator Expert MS-102 Practice Question
Contoso Ltd. is developing a Conditional Access strategy for its Microsoft Entra ID Premium P2 tenant. Requirements are:
- All guest users must always perform multifactor authentication (MFA) when they access SharePoint Online or OneDrive for Business.
- Internal employees should be prompted for MFA only when their sign-in risk is Medium or High.
- Two emergency "break-glass" administrator accounts must never be blocked or prompted by Conditional Access. What is the most efficient policy design that meets these requirements?
Create one Conditional Access policy that targets All users except the break-glass accounts, assigns SharePoint Online and OneDrive, sets the Sign-in risk condition to Medium and above, and requires MFA.
Create two policies:
- Policy 1: targets Guest users, assigns SharePoint Online and OneDrive, and grants access only if MFA is performed.
- Policy 2: targets the Employees group, sets the Sign-in risk condition to Medium or High, and grants access only if MFA is performed. Exclude the break-glass accounts from both policies.
Create two policies:
- Policy 1: targets All users, applies when the sign-in originates outside the trusted network, and requires MFA.
- Policy 2: targets the Employees group, assigns SharePoint Online and OneDrive, and blocks access unless the device is marked compliant. Exclude the break-glass accounts from both policies.
Create three policies:
- Policy 1: targets Guest users and requires MFA.
- Policy 2: targets Employees and requires MFA regardless of risk.
- Policy 3: explicitly blocks the break-glass accounts from using SharePoint Online and OneDrive.
Microsoft 365 Administrator Expert MS-102
Implement and manage Microsoft Entra identity and access
Your Score:
Bash, the Crucial Exams Chat Bot
AI Bot