Which two authentication methods should you use?

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD).

You need to select authentication mechanisms that can be used for both MFA and SSPR.

Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A . Short Message Service (SMS) messages
B . Authentication app
C . Email addresses
D . Security questions
E . App passwords

View Answer

Answer: A,B

Explanation:

References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

SMS-based sign-in is great for front-line workers. With SMS-based sign-in, users don’t need to know a username and password to access applications and services. The user instead enters their registered mobile phone number, receives a text message with a verification code, and enters that in the sign-in interface.

Users can also verify themselves using a mobile phone or office phone as secondary form of authentication used during Azure Multi-Factor Authentication or self-service password reset (SSPR).

The Authenticator app provides an additional level of security to your Azure AD work or school account or your Microsoft account and is available for Android, iOS, and Windows Phone. With the Microsoft Authenticator app, users can authenticate in a password less way during sign-in, or as an additional verification option during self-service password reset (SSPR) or Azure Multi-Factor Authentication events.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods