Question 62 of 130 from exam MS-500: Microsoft 365 Security Administration

Prev Question Next Question

Question

This is a part of a question set containing 2 questions: You are responsible for the Office 365 security in your organization.

You want to block legacy authentication to Azure AD as these protocols do not support MFA.

You have identified the usage of apps that use legacy authentication.

You must now create a conditional access policy to block legacy authentication sign-in attempts.

What should you configure to complete this policy?

Home > Conditional Access >

New

Conditional Access policy

Control user access based on Conditional
Access policy to bring signals together, to
make decisions, and enforce organizational
policies. Learn more

Name *

Block legacy authentication

Assignments

Users and groups

All users

Cloud apps or actions

All cloud apps

Conditions

0 conditions selected

‘Access controls

Grant

Block access

Session

0 controls selected

Answers

A. Conditions

B. Session

C. Cloud apps or actions

D. Leave it as it is, the policy will block legacy authentication without any further changes.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: A

What is missing in this policy is the Conditions to control user access to target client applications to not use modern authentication.

Under Conditions select Client Apps - Set configure to Yes - check the boxes “Exchange ActiveSync Clients” and “Other Clients” under Legacy authentication clients.

Client apps x

Control user access to target specific client
applications not using modern authentication.
Learn more

Configure

Select the client apps this policy will apply to

Modern authentication clients

1 srowser

CJ Mobile apps and desktop clients

Legacy authentication clients

i Exchange Activesync clients

@ other clients ¢

Option B is incorrect.

The Session control lets you control user access based on session controls to enable limited experiences within specific cloud applications.

Option C is incorrect.

Cloud apps or actions lets you control user access based on all or specific cloud apps or actions.

All cloud apps have already been selected in this policy.

Option D is incorrect.

You need to configure the Conditions control to target legacy authentication clients.

Reference:

To know more about blocking legacy authentication, please refer to the link below:

Prev Question Next Question