Microsoft Azure Architect Design (2020, legacy) — Question 8

You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.
You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1. The solution must ensure that the users use Azure Multi-
Factor Authentication (MFA) when they connect to App1.
Which two types of objects should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. Azure AD conditional access policies
• B. Azure AD managed identities
• C. an Identity Experience Framework policy
• D. an Azure application security group
• E. an Endpoint Manager app protection policy
• F. Azure AD guest accounts

Correct answer: A, F

Explanation

The correct answers are A and F. Azure AD conditional access policies are essential for enforcing Azure Multi-Factor Authentication (MFA) for users accessing the application. Azure AD guest accounts allow users from different Azure AD tenants to be invited and authenticated, which is necessary for multi-tenant access. The other options do not directly facilitate MFA or multi-tenant user access in this context.