Microsoft 365 Administrator Expert MS-102 Practice Question
Contoso uses Microsoft 365 with Microsoft Entra ID Premium P1. You must create a Conditional Access policy that meets these requirements:
Apply only to members of the Sales group.
Require multifactor authentication when those users access Microsoft Graph from any location that is not marked as trusted.
Exclude every service principal that belongs to a group named AppSvc.
Leave access to other applications and to sign-ins from trusted locations unchanged. Which policy configuration satisfies all the requirements?
Include All users; exclude AppSvc group; target Microsoft Graph; Locations: Any location with an exclusion for trusted locations; Grant: Require multifactor authentication; Enable policy.
Include Sales group; target Microsoft Graph; Locations: Any location; Grant: Require multifactor authentication; Enable policy.
Include Sales group; exclude AppSvc group; target Microsoft Graph; Locations: Any location with an exclusion for trusted locations; Grant: Require multifactor authentication; Enable policy.
Include Sales group; target All cloud apps; Locations: Any location with an exclusion for trusted locations; Grant: Require multifactor authentication; Enable policy.
The correct configuration must limit scope to the Sales group, explicitly exclude the AppSvc service-principal group, target only the Microsoft Graph application, and apply the location condition so the grant control (Require MFA) is enforced everywhere except from trusted locations. Selecting All cloud apps would affect additional services, selecting All users would scope the policy too broadly, and omitting the location exclusion would force MFA even from trusted locations. Therefore, the configuration that includes Sales, excludes AppSvc, targets Microsoft Graph, adds the location condition with an exclusion for trusted locations, and grants Require MFA is the only option that meets every stated requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Conditional Access in Microsoft Entra ID?
Open an interactive chat with Bash
What is Microsoft Graph, and why is it targeted in this policy?
Open an interactive chat with Bash
What are trusted locations, and how are they defined in Conditional Access policies?
Open an interactive chat with Bash
Microsoft 365 Administrator Expert MS-102
Implement and manage Microsoft Entra identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .