Which two settings should you modify in a conditional access policy?

HOTSPOT

You have a Windows Virtual Desktop deployment.

You need to ensure that all the connections to the managed resources in the host pool require multi-factor authentication (MFA).

Which two settings should you modify in a conditional access policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

In order to enforce Multi-Factor Authentication (MFA) for all connections to managed resources in a Windows Virtual Desktop host pool, you need to configure a Conditional Access Policy in Azure AD.

The two settings that should be modified in a Conditional Access Policy to accomplish this are:

Assignments -> Users and groups: You would choose ‘All users’ or a specific group of users that you want to enforce MFA on.

Access controls -> Grant: In this section, you would configure the control to ‘Grant access’ and require ‘Multi-Factor Authentication’.

You would not necessarily need to alter the ‘Cloud apps or actions’ or ‘Conditions’ unless you want to specify particular apps or conditions under which the policy applies. If you want the policy to apply to all cloud apps, you can leave it as ‘No cloud apps or actions selected’, which will enforce the policy for all apps by default. However, if you only want to apply MFA to the Windows Virtual Desktop app, you would select that specific app under the ‘Cloud apps or actions’ section.

In ‘Conditions’, you could specify certain conditions like location or device state, but this is not required just to enforce MFA; it’s more about refining the policy.

Please note that you would also need to ensure that the ‘Enable policy’ switch at the end of the configuration is set to ‘On’ for the policy to be active.