Configuring Multi-Factor Authentication Flashcards

1
Q

How can you access MFA settings in the Azure Portal?

A

By browsing to Azure Active Directory, and then to MFA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are some configuration options available in MFA settings?

A

Account lockout, block and unblock users, and other key configuration options.`

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does the account lockout setting do?

A

Temporarily locks out accounts in the MFA service if too many denied authentication attempts are detected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the purpose of the block/unblock settings?

A

o manually prevent certain users on an on-prem MFA Server from receiving MFA requests.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the fraud alert feature used for?

A

Configuring settings related to users’ ability to report fraudulent verification requests from an on-prem MFA server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does the caching rules feature do?

A

Allows subsequent verification requests to succeed automatically if the user succeeds the first verification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What can you view in the server status settings?

A

The status of on-prem MFA servers, including version, status, IP, and last communication time and date.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Where can you find the activity report?

A

Under “Manage MFA Server” for on-prem MFA Server implementations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How many authentication methods are required by default for SSPR?

A

One authentication method is required by default.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can you require users to register when they sign in for SSPR?

A

On the Registration page, select the option to require users to register when they sign in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the self-service password reset URL?

A

The self-service password reset URL is https://aka.ms/sspr/.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How can you disable self-service password reset?

A

In the Azure AD portal, go to Password Reset, select none under self-service password reset enabled, and save the settings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of sign-ins are displayed in the sign-ins report?

A

The sign-ins report displays interactive sign-ins where users have manually signed in using their username and password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What information is shown in the default list view of the sign-ins report?

A

The default list view shows the sign-in date, related user, application signed into, sign-in status, conditional access status, and MFA requirements status.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How can you customize the view of the sign-ins report?

A

By clicking on “Columns” at the top, you can customize the view of the sign-ins report.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What information is displayed in the Basic Info tab of a specific sign-in?

A

The Basic Info tab shows user information, IP address of the sign-in, sign-in location, sign-in date, and client app used for the sign-in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

: Can you view device-specific information for a sign-in?

A

Yes, by clicking on “Device Info,” you can see details about the specific device used for the sign-in, such as the operating system and browser.

18
Q

How can you determine if a sign-in required MFA or conditional access?

A

The MFA tab in the sign-ins report indicates whether MFA was required for the sign-in, and the same goes for conditional access.

19
Q

What options are available at the top of the sign-ins report?

A

You can view your info with Power BI and download the report if needed.

20
Q

What can an administrator do with Azure MFA in the cloud regarding user and device settings?

A

An administrator can manage user and device settings, such as requiring users to re-provide their contact methods, deleting app passwords, and requiring MFA on all trusted devices.

21
Q

What happens when an administrator requires users to re-provide their contact methods in Azure MFA?

A

Requiring users to re-provide their contact methods forces them to complete the MFA registration process again. Non-browser apps that the user has access to will continue to work unless the user has app passwords for them.

22
Q

How can an administrator delete a user’s app passwords in Azure MFA?

A

y checking the box next to “delete all existing app passwords generated by the selected users,” an administrator can delete a user’s app passwords. This action will cause any non-browser apps associated with the deleted app passwords to stop working until a new app password is created.

23
Q

What does it mean to mark devices as trusted in Azure MFA?

A

Allowing users to mark devices as trusted permits them to opt out of two-step verification for a specified number of days on their regular devices.

24
Q

Why would an administrator want to restore Multi-Factor Authentication on all remembered devices?

A

If an account is compromised or a trusted device is lost, an administrator may need to remove the trusted status and require two-step verification again. By checking the box for “restore Multi-Factor Authentication on all remembered devices,” an administrator can accomplish this.

25
Q

What happens when an administrator restores MFA authentication on all remembered devices for a user in Azure MFA?

A

The user will be challenged to perform two-step verification the next time they sign in, regardless of whether or not they marked their device as trusted.

26
Q

What are the different reports available in Azure MFA to monitor usage?

A

The reports available in Azure MFA include the block user history report, usage and fraud alerts report, usage for on-prem components report, bypassed user history report, and server status report.

27
Q

What information does the block user history report in Azure MFA provide?

A

The block user history report shows the history of user block and user unblock requests.

28
Q

What does the usage and fraud alerts report in Azure MFA display?

A

The usage and fraud alerts report provides information on overall usage, user summary, user details, and a history of fraud alerts submitted during the specified date range.

29
Q

What does the usage report for on-prem components in Azure MFA show?

A

The usage report for on-prem components provides information on the overall usage of MFA through the NPS extension ADFS and the MFA server.

30
Q

What information is included in the bypassed user history report in Azure MFA?

A

The bypassed user history report shows the history of requests to bypass multi-factor authentication for a user.

31
Q

What does the server status report in Azure MFA display?

A

The server status report shows the status of multi-factor authentication servers associated with the account.

32
Q

Why is it necessary to register an app or service with Azure AD before integrating it?

A

Registering an app or service with Azure AD is necessary to establish a connection and enable secure sign-in and authentication with Azure AD. It provides Azure AD with information about the application, such as its location URL, reply URL, app URI, and other relevant details.

33
Q

What is typically included in the information provided during the app registration process in Azure AD?

A

he information provided during the app registration process typically includes the URL where the application is located, the URL to send replies to after user authentication, the app URI, and any other pertinent details.

34
Q

How can an app or service be registered with Azure AD?

A

An app or service can be registered with Azure AD using the app registration experience in the Azure Portal. This allows developers and providers to provide the necessary information and register the application with Azure AD.

35
Q

What is Azure AD Application Proxy?

A

It allows secure access to on-prem web apps from remote clients.

36
Q

How does Azure AD App Proxy work?

A

Users sign in through Azure AD, which sends tokens to the Application Proxy service. The service forwards requests to the on-prem app through the connector.

37
Q

What types of apps can be used with it?

A

Web apps with IWA, form-based authentication, header-based access, and Web APIs. It also supports Remote Desktop Gateway and ADAL-integrated client apps.

38
Q

Does Azure AD Application Proxy support single sign-on?

A

Yes, it supports single sign-on for seamless access to on-prem applications.

39
Q

What is Azure AD Business-to-Business (B2B) collaboration?

A

It allows organizations to share applications and services with guest users from other organizations while maintaining control over corporate data.

40
Q

How does B2B collaboration enable safe and secure collaboration with external partners?

A

It provides an easy invitation and redemption process where partners can use their own credentials to access company resources.

41
Q

Can developers customize the invitation process in Azure AD B2B?

A

Yes, developers can use Azure AD B2B APIs to customize the invitation process and create self-service sign-up portals.

42
Q

What will be covered in the upcoming demonstration?

A

The demonstration will show how organizations can collaborate with guest users by inviting them to sign into company applications and services using their own identities.