Microsoft 365 Administrator — Question 178
You have a Microsoft 365 E5 subscription.
You plan to implement an authentication policy that will user FIDO2 security key as a user authentication method.
You need to ensure that during enrollment, each FIDO2 security key is verified by using the FIDO Alliance Metadata Service.
Which setting should you enable?
Answer options
- A. Allow self-service setup
- B. Restrict specific keys
- C. Enforce attestation
- D. Enforce key restrictions
Correct answer: C
Explanation
The correct answer is C, Enforce attestation, because it ensures that FIDO2 security keys are validated against the FIDO Alliance Metadata Service, which is crucial for maintaining security standards. The other options do not provide the necessary verification of the keys during the enrollment process.