Microsoft Endpoint Administrator — Question 3

You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1.
App1 must only accept modern authentication requests.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:

Assignments -
Users or workload identities: User1

Cloud apps or actions: App1 -

Access controls -

Grant: Block access -
You need to block only legacy authentication requests to App1.
Which condition should you add to CAPolicy1?

Answer options

• A. Filter for devices
• B. Device platforms
• C. User risk
• D. Sign-in risk
• E. Client apps

Correct answer: E

Explanation

The correct answer is E, as adding the Client apps condition allows you to specify which types of authentication methods are permitted, effectively blocking legacy authentication. The other options do not directly address the requirement to filter based on authentication type, making them unsuitable for the task at hand.