Your network contains an Active Directory domain named contoso.com.
The domain contains 10 servers that run Windows Server 2016 and 800 client computers that run Windows 10.
You need to configure the domain to meet the following requirements:
-Users must be locked out from their computer if they enter an incorrect password twice.
-Users must only be able to unlock a locked account by using a one-time password that is sent to their mobile
phone.
You deploy all the components of Microsoft Identity Manager (MIM) 2016.
Which three actions should you perform before you deploy the MIM add-ins and extensions? Each correct
answer presents part of the solution.
A.
From a Group Policy object (GPO), configure Public Key Policies
B.
Deploy a Multi-Factor Authentication provider and copy the required certificates to the MIM server.
C.
From the MIM Portal, configure the Password Reset AuthN Workflow.
D.
Deploy a Multi-Factor Authentication provider and copy the required certificates to the client computers.
E.
From a Group Policy object (GPO), configure Security Settings.
Explanation:
-Users must be locked out from their computer if they enter an incorrect password twice. (E)
-Users must only be able to unlock a locked account by using a one-time password that is sent to their mobile
phone. (B and C), detailed configuration process in
the following web page.
https://docs.microsoft.com/en-us/microsoft-identity-manager/working-with-self-service-passwordreset#prepare-mim-to-work-with-multi-factor-authentication