You are the architect of the ACME banking group. You have been tasked to ensure all identities within the Azure tenant for ACME.com tenant is secured by multi-factor authentication. You notice there are the following baseline policies:
? Baseline policy: Require MFA for admins
? Baseline policy: Block legacy authentication
? Baseline policy: End-user protection
? Baseline policy: Require MFA for Service Management
You need to block Exchange ActiveSync. Which of the following policies do you enable?
None of the above is correct as you need to create a custom conditional access policy to block Exchange ActiveSync. Block legacy authentication is incorrect as this is the baseline conditional access policy which will block all legacy authentication for all users. Require MFA for Service Management is incorrect as this will require MFA for any user accessing the Azure portal, Azure PowerShell or Azure CLI. Require MFA for admins is incorrect as this forces the privileged accounts to make use of MFA. End-user protection is incorrect as this requires all users to register for MFA within 14 days.