Microsoft Azure Architect Design (legacy) — Question 10
Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016.
You have a single on-premises location that uses an address space of 172.16.0.0/16.
You need to implement two-factor authentication for users who establish VPN connections to Server1.
What should you include in the implementation?
Answer options
- A. In Azure AD, create a conditional access policy and a trusted named location
- B. Install and configure Azure MFA Server on-premises
- C. Configure an Active Directory Federation Services (AD FS) server on-premises
- D. In Azure AD, configure the authentication methods. From the multi-factor authentication (MFA) service settings, create a trusted IP range
Correct answer: B
Explanation
The correct answer is B: installing and configuring Azure MFA Server on-premises adds two-factor authentication directly to VPN connections to Server1. Options A and D are Azure AD configurations that do not directly apply to an on-premises VPN scenario. Option C involves AD FS, which is not necessary for simply implementing two-factor authentication for VPN access.