Crucial Exams

Microsoft 365 Administrator Expert MS-102 Practice Question

Your organization wants to roll out passwordless sign-in by using FIDO2 security keys. The security team stipulates that only YubiKey 5 NFC devices (AAGUID fa2b99dc-9e38-4b94-8a36-f6e2773c17e3) can be registered and that Microsoft Entra ID must validate the device manufacturer during key registration. You create an authentication methods policy and enable the FIDO2 security key method. Which configuration change meets both security requirements?

  • Set User verification requirement to Discouraged and add the AAGUID to a deny list in the policy.

  • Require registration from hybrid Azure AD-joined devices only and add the AAGUID under Allowed tenants.

  • Disable Enforce attestation and, under Enforce key restrictions, choose Block and enter the approved AAGUID.

  • Set Enforce attestation to Yes and, under Enforce key restrictions, choose Allow and enter the approved AAGUID.

Microsoft 365 Administrator Expert MS-102
Implement and manage Microsoft Entra identity and access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot