Microsoft 365 Certified Endpoint Administrator (MD-102) Practice Test

Which Azure AD feature can be utilized for multi-factor authentication (MFA) and domain joining compliance?

• A. Azure AD Domain Services
• B. Azure AD Identity Protection
• C. Azure AD Privileged Identity Management
• D. Azure AD Conditional Access

The correct answer is: Azure AD Conditional Access

The correct answer is Azure AD Conditional Access, as it provides the ability to enforce specific policies based on user conditions and device compliance when accessing resources. It is an essential feature for implementing multi-factor authentication (MFA) as it allows administrators to require additional verification methods based on defined criteria, such as the user’s location, device state, and risk level. Conditional Access policies can be set to require MFA when certain conditions are met, ensuring that only compliant devices or trusted locations are granted access to sensitive resources. This capability enhances security by adding an extra layer of verification before allowing access, which is critical in safeguarding data and applications in a cloud environment. In contrast, Azure AD Domain Services primarily provides domain join capabilities and LDAP support but does not directly enforce MFA. Azure AD Identity Protection is focused on risk detection and reporting, helping manage and respond to potential security risks, but it does not inherently manage access conditions like Conditional Access does. Azure AD Privileged Identity Management is designed to manage and control access to privileged roles, primarily focusing on just-in-time access rather than broader conditional access scenarios. Overall, Conditional Access is the feature that effectively marries the requirements for multi-factor authentication with compliance regarding device and user identity within Azure Active Directory.