DRAG DROP
A company deploys an Office 365 tenant.
You need to enable multi-factor authentication for Office 365.
Which three actions should you perform in sequence? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Answer: 
Explanation:
enable
single use password
instruct to use mobile phone.
I disagree.
You’ve chosen two of the three options which ‘complete the registration process’.
Can’t be right??
Please show a reference article if you’re sure.
http://technet.microsoft.com/library/dn249466.aspx
GreyWoof…aaaahhhhrroooo
https://msdn.microsoft.com/en-us/library/azure/dn383636.aspx
https://msdn.microsoft.com/en-us/library/azure/dn394276.aspx
The correct order is: 5 3 4
I think 6, 3, 4
I second what Bazs said.
See here why 6 is the correct answer
Active Directory® Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you can use to administer domain trusts, domain and forest functional levels, and user principal name (UPN) suffixes.
Ok
you’re right
The anwer up there is correct
MFA per User usage
MFA per Authentic usage
Mobile registration
That doesnt make sense to me George i think it would be:
Create MFA per User model
Enable MFA for all users
Instruct single use password
Single use password because you can setup up via mobile or email but either generates a single use password.
Correct me if im wrong on this
what is the final answer with this?
My answer would be 6 4 3 because it’s always better to first exclude the users with the attribute filter
The same for me. 6 4 3.
If you filter the users before applying the attribute you aren’t filtering anything, am I wrong?
Bas, there would be nothing to filter. At this point there are no users with the Contso.com suffix, so you must do option #3 before the filtering.
6 3 4
Creating a Multi-factor authentication provider will take you from the Office 365 version (free) to the paid version. I guess the questions is wrong.
1. enable…
2. mobile Phone to complete registration
3. create app password (not to complete registration, but to allow non-browser apps like outlook to use Multi-factor auth)
http://msdn.microsoft.com/en-us/library/azure/dn376346.aspx#create
I think:
1. Create MFA per User. (Office 365)
2. Enable MFA
3. Instruct to use a mobiel Phone to complete ( 3 options: telephone, telephone work or mobile app)
The article you reference says if you want to extend MFA, then you can purchase and create a provider, but the question doesn’t state any requirements that couldn’t be handled by the default MFA that is available.
Multi-factor authentication is available by default for global administrators who have a Azure Active Directory tenant. However, if you wish to extend multi-factor authentication to all of your users and/or want to your global administrators to be able to take advantage features such as the management portal, custom greetings, and reports, then you must purchase and configure an Multi-Factor Authentication Provider.
I think 6,3,4 is the coorect answer
I agree
Thanks solo and say hi to Chewie 🙂
Agreed – Although i think Bas’s answer would still work i think it would be slightly less admin effort and more progressive sense to add domain in MMC -> add domain UPN to users in MMC -> exlude UPN in dirsync then run the sync.
Instead of add domin in MMC -> exlude UPN in dirsync -> add domain UPN to users -> run sync on dirsync server.
Nope, in no universe would Bas’s answer work. Initially all the accounts are setup with Contoso.local as the upn suffix so if you filtered them prior to adding contoso.com as an alternate suffix then you are excluding all the accounts.
The first pass would accomplish nothing. The second pass would filter but no one in their right state of mind would do that.
yes.. i’m also agree with this answer…..
i think Bas is correct
i think the answer
Enable MFA
Instruct users to use a mobile…
Instruct users to obtain a single-use password..
My opinion the answer from zedryx is correct
Zedryx is all over the place. First he says Bas is correct then he’s coming up with a different solution.
No — Agree with Slearsdude:
Create a multi factor authentication provider with the per enabled user usage model
Enable MFA for all users
Instruct the user to use mobile to complete the process
Add contoso.com UPN suffix using Active Directory Domains and Trusts
Use Active Directory Users and Computers to change the UPN for the users
Use a user attribute- based filter to exclude all the contoso.local users
The response isn’t clear.
Belong to https://technet.microsoft.com/library/dn249466.aspx
Creating a MFA provider is optional (or assign an Azure AD Premium or Enterprise Mobility Suite license to users.)
So, the response could be:
– Enable MFA for all users
– Instruct the users to use the mobile phone
– Instruct users to obtain a single use password
?
I think the answer would be:
Create MFA provider with per enabled user usage model
Enable MFA for all users
Instruct users to user a mobile phone to complete the process.
I came up with this using this thinking: You would need the MFA provider first, then enable for all users, then have the users complete the process.
A per authentication usage model charges per authentication, typically used for an application, where as a per user usage model charges per enabled user, such as O365 (https://msdn.microsoft.com/en-us/library/azure/dn376346.aspx#create).
Have a look at the page above and the one below and see if you come up with that same answer.
https://technet.microsoft.com/en-us/library/dn383636.aspx#enablemfaoffice365
Bas is correct.
I am curious. Why would we instruct the user to do anything? The question asks nothing about the user. It says we need to enable MFA. That’s it. So, should we not: Create MFA per user, Create MFA per Auth, and then enable MFA?
For me 6 4 3 doesn’t make sense.
First you add the domain in MMC, but you didn’t change UPNs yet. How could you apply filtering (exclude UPN with .local in dirsync) when all the users are still on .local? Nobody would be synched. You first have to change UPN to .com for those in the specific departments and then dirsync them with filtering (now only those who remained with .local will be excluded). So 6 3 4.
Am I wrong or attribute filtering refers to something else than dirsync? 🙂
Raisa is right. First you should add the contoso.com UPN suffix, then change the UPN suffix with ADUC and finally, filter out every user with UPN something else than @contoso.com by using Active Directory Connector in miisclient (FIM 2.0) So, term “attribute filtering” refers dirsync. That’s why 6, 3, 4.
You don’t need to enable MFA providers. Those providers are for Azure MFA, in Office 365 you don’t do it. Correct answer is:
1. Enable Multi-factor authentication for all user accounts
2. Instruct users to obtain a single-use password to complete the registration process
(email)
Instruct users to use a mobile phone to complete the registration process
(and all the subsequent authentications)
The answer is..
1. Create a MFA provider with the Per Enabled User usage model.
(https://msdn.microsoft.com/en-us/library/azure/dn376346.aspx#create, per this website, per enabled user is recommended for Office 365)
2. Enable MFA for all user accounts.
3. Instruct users to obtain single-use password to complete the registration process.
You won’t create two seperate MFA models, they are different, and creating both means you’re paying for each authentication, AND each enabled user. You do need to enable MFA as it states here https://technet.microsoft.com/library/dn249466.aspx. And users will need to obtain a single-use password and complete the registration process before setting up their mobile phone which is also stated in the previous link.
Justin’s correct.
The real Justin is about to weigh in 🙂
I believe BAS is correct. If you read the following it clearly states creating a Multi-factor authentication provider is optional:
https://technet.microsoft.com/library/dn249466.aspx
Furthermore look at the following which outlines how to do this without creating the mult-factor auth provider:
https://msdn.microsoft.com/en-us/library/azure/dn383636.aspx
So I would say:
Enable multi-factor authentication for all user accounts
Instruct users to use a mobile phone to complete the registration process
Instruct users to obtain a single-use password to complete the registration
In looking at the comments this seems to be the popular opinion.
I agree with the real Justin.
Enable MFA ( anyone who does not start with this option is wrong)
AFter which you get a code by SMS or Call
Then use that code to complete the registration.
This is the Answer
1. Before we can configure how we use MFA we must make sure we have an MFA provider*
Click MULTI-FACTOR AUTH PROVIDERS, and then click CREATE A NEW MULTI-FACTOR AUTHENTICATION PROVIDER. In NAME, type Contoso-MFA, select the usage model (select the appropriate one) select “Per Enabled User”,
2. Enable Users in my Directory to use MFA
If you create a new users in your directory all you will need is to do is select the “Enable Multi-Factor Authentication” check box.
3.Configure The MFA provider
http://blogs.technet.com/b/canitpro/archive/2014/08/14/step-by-step-enable-multi-factor-authentication-in-azure.aspx
Configure MFA settings such as Caching, Voice massages and notifications received by users ~(ie USE A MOBILE)
So to sum up the correct answer is:
1 Create a multi-factor authentication provider with the pre enabled user usage model
2 Enable multi-factor authentication for all user accounts
3 Instruct Users to use a mobile phone to complete the registration process
Anyone find out the real answer?
According to this site : https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-cloud/
You can skip step 1 and 2…so no need to create a provider…
Now that we have determined that we are using multi-factor authentication in the cloud, let’s get going! Please note that if you are using Multi-Factor Authentication for Office 365 or Multi-Factor Authentication for Azure Administrators you can skip to step 3. Also, this document deals with
1. Sign up for an Azure subscription
If you do not already have an Azure subscription, you need to sign-up for one. If you are just starting out and exploring using Azure MFA you can use a trial subscription
2. Create a Multi-Factor Auth Provider or assign an Azure AD Premium or Enterprise Mobility
Suite license to users
You will need to either create an Azure Multi-Factor Auth Provider and assign it to your directory or assign licenses to your Azure AD Premium or EMS users. Azure Multi Factor Authentication is included in Azure Active Directory Premium and as a result it is also included with the Enterprise Mobility Suite. If you have Azure AD Premium or EMS you do not need to create a Multi-Factor Auth Provider, rather to enable MFA for an Azure AD Premium or EMS user, an Azure AD Premium or EMS license needs to be assigned to that user and then an Administrator can assign MFA to the user through the management portal. See the section below on how to assign licenses to users.
Turn on Multi-Factor Authentication for your users
3. Enable Azure MFA on your users either through the Office 365 or Azure portal. See the section below for information on how to do this.
Send email to end users to notify them about MFA
4. Once a user has had multi-factor authentication turned on for their account, it is recommended that you send them an email notifying them of this. The user will be prompted to complete the process the next time they sign-in, so this lets them no what to expect. See the section below for an example email template.
Anyone got any confirmed answer for this?
Passed 70-346 exam on my first try with a score of 845. About 10-20 new questions in my exam, and some of the questions’ wording also have been changed. Make sure you know ADFS, Azure AD Powershell commands and the differences in all Office 365 plans. I learned the passleader 70-346 dumps (http://www.passleader.com/70-346.html), all new questions were available, and most of the questions’ answers have been corrected by passleader!
Agreed with Spaceworms answer.
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-cloud/
1. Create a multi-factor authentication provider with the Per Enabled User usage model
2. Enable multi-factor authentication for all user accounts
3. Instruct users to use a mobile phone to complete the registration process
domain based filtering doesn’t exclude it includes. Why are all these answers so sh!t?
1. Create a multi-factor authentication provider with the Per Enabled User usage model
2. Enable multi-factor authentication for all user accounts
3. Instruct users to use a mobile phone to complete the registration process
https://blogs.technet.microsoft.com/canitpro/2014/08/14/step-by-step-enable-multi-factor-authentication-in-azure/
Bas could possibly be correct if creating an app password was one of the options…
You can check the right answers of any Microsoft Question on Examstraining. Examstraining provide valid Microsoft certification question answers. Study every question until you know why it is correct because some of the questions are slightly different in the exam – but if you understand the questions here you can get them right.
http://www.examstraining.com/
Elearningexams is providing 70-346 dumps with exam pass guarantee and money back guarantee. We are providing these 70-346 practice test questions answers in printable PDF and test engine online practice.
http://www.examstraining.com/category/70-346
Examstraining is providing 70-346 dumps with exam pass guarantee and money back guarantee. We are providing these 70-346 practice test questions answers in printable PDF and test engine online practice.
http://www.examstraining.com/category/70-346