You are the architect of the ACME banking group. You have been tasked to ensure all identities within the Azure tenant for ACME.com tenant is secured by multi-factor authentication. You notice there are the following baseline policies:
? Baseline policy: Require MFA for admins
? Baseline policy: Block legacy authentication
? Baseline policy: End-user protection
? Baseline policy: Require MFA for Service Management
You need to prevent users from using IMAP and POP3 when authenticating. Which of the following policies do you enable?
Block legacy authentication is correct as this is the baseline conditional access policy which will block all legacy authentication for all users. Require MFA for Service Management is incorrect as this will require MFA for any user accessing the Azure portal, Azure PowerShell or Azure CLI. Require MFA for admins is incorrect as this forces the privileged accounts to make use of MFA. End-user protection is incorrect as this requires all users to register for MFA within 14 days.