Setting Up Conditional Access for Azure Virtual Desktop | Exam AZ-140 Guide

Configure Conditional Access for Azure Virtual Desktop

Question

You have been assigned the responsibility to set up conditional access for the latest launch of Azure Virtual Desktop (AVD).

Environment Details:
Site 1: Range for public IP addresses 13.107.128.0/22
Site 2: Range for public IP addresses 52.238.78.88/32

Requirements:
Azure Virtual Desktop users receive a Multi-Factor Authentication (MFA) prompt from outside the organization's network
Azure administrators receive an MFA prompt every time they log in
All users and admins receive an MFA prompt 2 hours after the last login

Recommended Solution: Add browser, Mobile Apps, and Desktop Clients to the Conditional Access Policy.

Will configuring the recommended solution help in meeting the requirements?

Answers

Explanations


A. B.

Correct Answer: A

Selecting the browser, mobile apps, and desktop clients will make the policy applicable for app and web logins.

Therefore, configuring this solution is a good practice to meet the requirement.

Reference: To learn more about how to enable Azure Multi-Factor Authentication for Azure Virtual Desktop, please visit the link below:

Yes, configuring the recommended solution will help in meeting the requirements.

Explanation: Conditional Access is a feature in Azure Active Directory that allows administrators to define conditions under which users can access Azure resources. The recommended solution suggests configuring a Conditional Access policy to meet the requirements of Azure Virtual Desktop.

The first requirement is to ensure that Azure Virtual Desktop users receive a Multi-Factor Authentication (MFA) prompt from outside the organization's network. This can be achieved by adding the "Location" condition to the Conditional Access policy and configuring it to include the public IP address ranges of Site 1 and Site 2. By doing so, the policy will only apply when users are outside the organization's network, and MFA will be required for access to Azure Virtual Desktop.

The second requirement is that Azure administrators receive an MFA prompt every time they log in. To meet this requirement, the "Users and Groups" condition can be added to the Conditional Access policy and configured to include Azure administrators. By doing so, the policy will only apply to Azure administrators, and MFA will be required every time they log in.

The third requirement is that all users and admins receive an MFA Prompt 2 hours after the last login. This can be achieved by adding the "Session" condition to the Conditional Access policy and configuring it to require MFA after a specified duration of inactivity (i.e., 2 hours). By doing so, MFA will be required after two hours of inactivity for all users and administrators.

Adding browser, mobile apps, and desktop clients to the Conditional Access policy is a good practice as it provides an additional layer of security by enforcing MFA for access from any device. Therefore, the recommended solution of adding browser, mobile apps, and desktop clients to the Conditional Access policy will help in meeting the requirements.
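The following is an added example, not part of the original guide or Microsoft's own code: a simplified local model of how the client app, location and sign-in frequency settings discussed above decide whether a sign-in gets an MFA prompt. The dictionaries follow the field names of the Microsoft Graph conditionalAccessPolicy resource; the group names, the helper functions and the modelling of Site 1 and Site 2 as an excluded trusted location are assumptions.

```python
import ipaddress

# Site 1 and Site 2 ranges from the question, treated as the trusted named location.
TRUSTED = [ipaddress.ip_network(c) for c in ("13.107.128.0/22", "52.238.78.88/32")]
BOTH_CLIENTS = ["browser", "mobileAppsAndDesktopClients"]

def make_policy(name, groups, client_apps, exclude_trusted, frequency):
    """Build a dict shaped like a Graph conditionalAccessPolicy (subset of fields)."""
    locations = {"includeLocations": ["All"],
                 "excludeLocations": ["AllTrusted"] if exclude_trusted else []}
    return {"displayName": name,
            "conditions": {"users": {"includeGroups": groups},
                           "clientAppTypes": client_apps,
                           "locations": locations},
            "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
            "sessionControls": {"signInFrequency": frequency}}

def applies(policy, sign_in):
    """True when the sign-in matches the user, client app and location conditions."""
    cond = policy["conditions"]
    if not set(sign_in["groups"]) & set(cond["users"]["includeGroups"]):
        return False
    if sign_in["client_app"] not in cond["clientAppTypes"]:
        return False  # a client type that is not selected is never evaluated
    on_site = any(ipaddress.ip_address(sign_in["ip"]) in net for net in TRUSTED)
    return not (on_site and "AllTrusted" in cond["locations"]["excludeLocations"])

def mfa_prompt(policies, sign_in):
    """True when any matching policy requires a fresh MFA for this sign-in."""
    for p in policies:
        if not applies(p, sign_in):
            continue
        freq = p["sessionControls"]["signInFrequency"]
        last = sign_in["hours_since_mfa"]  # None means no MFA performed yet
        if freq["frequencyInterval"] == "everyTime" or last is None or last >= freq["value"]:
            return True
    return False

def sign_in(ip, client_app, groups, hours_since_mfa=None):
    """Constructed sign-in record (hypothetical shape, not a real sign-in log)."""
    return {"ip": ip, "client_app": client_app, "groups": groups,
            "hours_since_mfa": hours_since_mfa}

TWO_HOURS = {"isEnabled": True, "frequencyInterval": "timeBased", "value": 2, "type": "hours"}
EVERY_TIME = {"isEnabled": True, "frequencyInterval": "everyTime"}
# Group names are hypothetical; real policies reference group object IDs.
POLICIES = [make_policy("AVD users off-site", ["avd-users"], BOTH_CLIENTS, True, TWO_HOURS),
            make_policy("Azure admins", ["azure-admins"], BOTH_CLIENTS, False, EVERY_TIME)]
BROWSER_ONLY = [make_policy("AVD users off-site", ["avd-users"], ["browser"], True, TWO_HOURS)]
```

With only "browser" selected, the same off-site sign-in from the desktop client matches no policy and is not prompted, which is the gap the recommended solution closes.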