Home » Microsoft » SC-900 » When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced?
When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. All users must authenticate from a registered device.
B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.
D. All users must authenticate by using passwordless sign-in.
E. All users must authenticate by using Windows Hello.
Correct Answer: BC
Explanation/Reference:
Security defaults make it easy to protect your organization with the following preconfigured security settings:
Requiring all users to register for Azure AD Multi-Factor Authentication.
Requiring administrators to do multi-factor authentication.
Blocking legacy authentication protocols.
Requiring users to do multi-factor authentication when necessary. Protecting privileged activities like access to the Azure portal.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults