Configuring Multi-Factor Authentication

Question 1

How can you access MFA settings in the Azure Portal?

Answer 1

By browsing to Azure Active Directory, and then to MFA.

Question 2

What are some configuration options available in MFA settings?

Answer 2

Account lockout, block and unblock users, and other key configuration options.`

Question 3

What does the account lockout setting do?

Answer 3

Temporarily locks out accounts in the MFA service if too many denied authentication attempts are detected.

Question 4

What is the purpose of the block/unblock settings?

Answer 4

o manually prevent certain users on an on-prem MFA Server from receiving MFA requests.

Question 5

What is the fraud alert feature used for?

Answer 5

Configuring settings related to users’ ability to report fraudulent verification requests from an on-prem MFA server.

Question 6

What does the caching rules feature do?

Answer 6

Allows subsequent verification requests to succeed automatically if the user succeeds the first verification.

Question 7

What can you view in the server status settings?

Answer 7

The status of on-prem MFA servers, including version, status, IP, and last communication time and date.

Question 8

Where can you find the activity report?

Answer 8

Under “Manage MFA Server” for on-prem MFA Server implementations.

Question 9

How many authentication methods are required by default for SSPR?

Answer 9

One authentication method is required by default.

Question 10

How can you require users to register when they sign in for SSPR?

Answer 10

On the Registration page, select the option to require users to register when they sign in.

Question 11

What is the self-service password reset URL?

Answer 11

The self-service password reset URL is https://aka.ms/sspr/.

Question 12

How can you disable self-service password reset?

Answer 12

In the Azure AD portal, go to Password Reset, select none under self-service password reset enabled, and save the settings.

Question 13

What type of sign-ins are displayed in the sign-ins report?

Answer 13

The sign-ins report displays interactive sign-ins where users have manually signed in using their username and password.

Question 14

What information is shown in the default list view of the sign-ins report?

Answer 14

The default list view shows the sign-in date, related user, application signed into, sign-in status, conditional access status, and MFA requirements status.

Question 15

How can you customize the view of the sign-ins report?

Answer 15

By clicking on “Columns” at the top, you can customize the view of the sign-ins report.

Question 16

What information is displayed in the Basic Info tab of a specific sign-in?

Answer 16

The Basic Info tab shows user information, IP address of the sign-in, sign-in location, sign-in date, and client app used for the sign-in.

Question 17

: Can you view device-specific information for a sign-in?

Answer 17

Yes, by clicking on “Device Info,” you can see details about the specific device used for the sign-in, such as the operating system and browser.

Question 18

How can you determine if a sign-in required MFA or conditional access?

Answer 18

The MFA tab in the sign-ins report indicates whether MFA was required for the sign-in, and the same goes for conditional access.

Question 19

What options are available at the top of the sign-ins report?

Answer 19

You can view your info with Power BI and download the report if needed.

Question 20

What can an administrator do with Azure MFA in the cloud regarding user and device settings?

Answer 20

An administrator can manage user and device settings, such as requiring users to re-provide their contact methods, deleting app passwords, and requiring MFA on all trusted devices.

Question 21

What happens when an administrator requires users to re-provide their contact methods in Azure MFA?

Answer 21

Requiring users to re-provide their contact methods forces them to complete the MFA registration process again. Non-browser apps that the user has access to will continue to work unless the user has app passwords for them.

Question 22

How can an administrator delete a user’s app passwords in Azure MFA?

Answer 22

y checking the box next to “delete all existing app passwords generated by the selected users,” an administrator can delete a user’s app passwords. This action will cause any non-browser apps associated with the deleted app passwords to stop working until a new app password is created.

Question 23

What does it mean to mark devices as trusted in Azure MFA?

Answer 23

Allowing users to mark devices as trusted permits them to opt out of two-step verification for a specified number of days on their regular devices.

Question 24

Why would an administrator want to restore Multi-Factor Authentication on all remembered devices?

Answer 24

If an account is compromised or a trusted device is lost, an administrator may need to remove the trusted status and require two-step verification again. By checking the box for “restore Multi-Factor Authentication on all remembered devices,” an administrator can accomplish this.

Question 25

What happens when an administrator restores MFA authentication on all remembered devices for a user in Azure MFA?

Answer 25

The user will be challenged to perform two-step verification the next time they sign in, regardless of whether or not they marked their device as trusted.

Question 26

What are the different reports available in Azure MFA to monitor usage?

Answer 26

The reports available in Azure MFA include the block user history report, usage and fraud alerts report, usage for on-prem components report, bypassed user history report, and server status report.

Question 27

What information does the block user history report in Azure MFA provide?

Answer 27

The block user history report shows the history of user block and user unblock requests.

Question 28

What does the usage and fraud alerts report in Azure MFA display?

Answer 28

The usage and fraud alerts report provides information on overall usage, user summary, user details, and a history of fraud alerts submitted during the specified date range.

Question 29

What does the usage report for on-prem components in Azure MFA show?

Answer 29

The usage report for on-prem components provides information on the overall usage of MFA through the NPS extension ADFS and the MFA server.

Question 30

What information is included in the bypassed user history report in Azure MFA?

Answer 30

The bypassed user history report shows the history of requests to bypass multi-factor authentication for a user.

Question 31

What does the server status report in Azure MFA display?

Answer 31

The server status report shows the status of multi-factor authentication servers associated with the account.

Question 32

Why is it necessary to register an app or service with Azure AD before integrating it?

Answer 32

Registering an app or service with Azure AD is necessary to establish a connection and enable secure sign-in and authentication with Azure AD. It provides Azure AD with information about the application, such as its location URL, reply URL, app URI, and other relevant details.

Question 33

What is typically included in the information provided during the app registration process in Azure AD?

Answer 33

he information provided during the app registration process typically includes the URL where the application is located, the URL to send replies to after user authentication, the app URI, and any other pertinent details.

Question 34

How can an app or service be registered with Azure AD?

Answer 34

An app or service can be registered with Azure AD using the app registration experience in the Azure Portal. This allows developers and providers to provide the necessary information and register the application with Azure AD.

Question 35

What is Azure AD Application Proxy?

Answer 35

It allows secure access to on-prem web apps from remote clients.

Question 36

How does Azure AD App Proxy work?

Answer 36

Users sign in through Azure AD, which sends tokens to the Application Proxy service. The service forwards requests to the on-prem app through the connector.

Question 37

What types of apps can be used with it?

Answer 37

Web apps with IWA, form-based authentication, header-based access, and Web APIs. It also supports Remote Desktop Gateway and ADAL-integrated client apps.

Question 38

Does Azure AD Application Proxy support single sign-on?

Answer 38

Yes, it supports single sign-on for seamless access to on-prem applications.

Question 39

What is Azure AD Business-to-Business (B2B) collaboration?

Answer 39

It allows organizations to share applications and services with guest users from other organizations while maintaining control over corporate data.

Question 40

How does B2B collaboration enable safe and secure collaboration with external partners?

Answer 40

It provides an easy invitation and redemption process where partners can use their own credentials to access company resources.

Question 41

Can developers customize the invitation process in Azure AD B2B?

Answer 41

Yes, developers can use Azure AD B2B APIs to customize the invitation process and create self-service sign-up portals.

Question 42

What will be covered in the upcoming demonstration?

Answer 42

The demonstration will show how organizations can collaborate with guest users by inviting them to sign into company applications and services using their own identities.