0
0
Azurecloud~10 mins

Conditional access policies in Azure - Interactive Code Practice

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to specify the condition to require MFA for all users.

Azure
policy = {
  "conditions": {
    "users": {
      "include": [[1]]
    }
  }
}
Drag options to blanks, or click blank then click option'
A"ExternalUsers"
B"Guests"
C"Admins"
D"AllUsers"
Attempts:
3 left
💡 Hint
Common Mistakes
Using a specific group like "Admins" instead of all users.
Using "Guests" which only targets guest accounts.
2fill in blank
medium

Complete the code to set the grant control to require multi-factor authentication.

Azure
policy = {
  "grantControls": {
    "operator": "OR",
    "builtInControls": [[1]]
  }
}
Drag options to blanks, or click blank then click option'
A"mfa"
B"passwordChange"
C"trustedLocation"
D"compliantDevice"
Attempts:
3 left
💡 Hint
Common Mistakes
Choosing "compliantDevice" which requires device compliance, not MFA.
Choosing "trustedLocation" which restricts access by location.
3fill in blank
hard

Fix the error in the condition to include only users in the 'Sales' group.

Azure
policy = {
  "conditions": {
    "users": {
      "includeGroups": [[1]]
    }
  }
}
Drag options to blanks, or click blank then click option'
A"SalesGroupId"
B"AllUsers"
C"AdminsGroupId"
D"GuestsGroupId"
Attempts:
3 left
💡 Hint
Common Mistakes
Using "AllUsers" which targets everyone, not just Sales.
Using "AdminsGroupId" which targets a different group.
4fill in blank
hard

Fill both blanks to require MFA only when users sign in from outside trusted locations.

Azure
policy = {
  "conditions": {
    "locations": {
      "include": ["AllLocations"],
      "exclude": [[1]]
    }
  },
  "grantControls": {
    "builtInControls": [[2]]
  }
}
Drag options to blanks, or click blank then click option'
A"TrustedLocations"
B"mfa"
C"compliantDevice"
D"UntrustedLocations"
Attempts:
3 left
💡 Hint
Common Mistakes
Using "UntrustedLocations" in exclude, which is not valid.
Using "compliantDevice" instead of "mfa" for grant control.
5fill in blank
hard

Fill all three blanks to create a policy that applies to all users, requires MFA, and excludes trusted locations.

Azure
policy = {
  "conditions": {
    "users": {
      "include": [[1]]
    },
    "locations": {
      "exclude": [[2]]
    }
  },
  "grantControls": {
    "builtInControls": [[3]]
  }
}
Drag options to blanks, or click blank then click option'
A"AllUsers"
B"TrustedLocations"
C"mfa"
D"Guests"
Attempts:
3 left
💡 Hint
Common Mistakes
Using "Guests" instead of "AllUsers" for users.
Using "TrustedLocations" in include instead of exclude.
Using "compliantDevice" instead of "mfa" for grant control.