Question 70 of 115 from exam AZ-304: Microsoft Azure Architect Design

Question

HOTSPOT -

You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization.

You need to recommend a solution to meet the following requirements:

-> Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.

-> Block legacy authentication attempts to Azure AD integrated apps.

-> Minimize costs.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Explanations

Box 1: Smart lockout -

Smart lockout helps lock out bad actors that try to guess your users' passwords or use brute-force methods to get in. Smart lockout can recognize sign-ins that come from valid users and treat them differently than ones of attackers and other unknown sources. Attackers get locked out, while your users continue to access their accounts and be productive.

Box 2: Conditional access policies

If your environment is ready to block legacy authentication to improve your tenant's protection, you can accomplish this goal with Conditional Access.

How can you prevent apps using legacy authentication from accessing your tenant's resources? The recommendation is to just block them with a Conditional Access policy. If necessary, you allow only certain users and specific network locations to use apps that are based on legacy authentication.
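A sketch of the Conditional Access policy described above, written with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original explanation; the display name, the excluded group ID and the named location ID are placeholders, and the policy is created in report-only mode so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Added example: block legacy authentication with a Conditional Access policy.
# Assumes the Microsoft.Graph PowerShell module is installed and the signed-in
# admin is allowed to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholders (assumptions): replace with object IDs from your own tenant.
$excludedGroupId    = '<object-id-of-group-still-allowed-legacy-auth>'
$excludedLocationId = '<id-of-trusted-named-location>'

$policy = @{
    displayName = 'Block legacy authentication'
    # Report-only first: evaluated and logged, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        # These two client app types together cover legacy authentication clients.
        clientAppTypes = @('exchangeActiveSync', 'other')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeUsers  = @('All')
            # "Allow only certain users": members of this group are exempt.
            excludeGroups = @($excludedGroupId)
        }
        locations      = @{
            includeLocations = @('All')
            # "Specific network locations": sign-ins from here are exempt.
            excludeLocations = @($excludedLocationId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing the report-only results in the sign-in logs, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

Keep the exclusions as narrow as possible: every excluded user or location remains reachable through legacy protocols.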

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication