Microsoft 365 Security Administration

Multi-Factor Authentication In Microsoft 365

2. Demonstration on how to implement Multi-Factor Authentication

Let's go through the process now of looking at our multi-factor authentication and how we can configure it. OK, so I'm here on portal.azure.com. I'm going to click on the little menu button here, and we're going to go to our Azure Active Directory. So click on that. Then we'll take a look at our Users blade. So we're going to click Users. All right. Now if you look over to the right here, you're going to notice that there is a little ellipsis symbol. Now I want to tell you that, depending upon the resolution of your monitor, you're going to be able to click that ellipsis symbol and see multi-factor authentication. Or you may just see multi-factor authentication right here in the menu bar. OK, so just a heads up on that. Maybe in the ellipsis symbol, or maybe right here in the menu bar. So we're going to go ahead and click on that. That's going to bring up multifactor authentication. All right. You'll notice it's a separate site that pops up for us. Okay. And then at that point, I can select the users that I want to turn this on for. So if I want, let's do this. User: Alex Rogers. We'll select that user and look over here to the right. I can click enable under the quick steps option. OK? And then it says about enabling multifactor auth. So if your users do not regularly sign in through the browser, you can send them to this link to register. So if you wanted to say, Hey, you need to register with MFA, you could send that email. Shoot them an email with that link in it. Of course, when they try to log on, it's going to ask them to put in their information. Now if they haven't already put in like cell phone and email address and all that, of course then it's going to prompt them. But if they have, then it would expect them to already be able to prove who they are. So I'm just going to click enable. All right. So now that's enabled. Now I want to show you something else here. All right, so we've turned that on with this user. We have a Manage User Settings option.
And notice it says to require selected users to provide contact methods again. So this is a situation where you want to force the user to put that information back in again. It says to delete all existing app passwords generated by selected users. You can do that. So this makes it so that they've set an app password. They can get back into that app with a password or through the app if they need to, with the help of multifactor authentication. Restore multifactor authentication on all remembered devices. You can do that as well. All right, so these are your different options here. I can hit cancel on that. I'm going to go up here to the service settings. All right, we'll take a look at our service settings. So you have app passwords right here. Now you just saw a reference to that. It says, Allow users to create app passwords to sign in to non-browser apps. This allows them to associate app passwords with different apps they're using so they don't constantly get prompted and can continue to use those specific apps. You could simply turn that off. Do not allow users to create app passwords to sign into non-browser apps. Okay? "Skip multifactor authentication for requests from Federated users on my intranet," I can now say. As well as Internet users, I can basically set up a range here. So skip the multi-factor authentication for users from the following IP subnet. So you can put a subnet range in there if you wanted to. Down here towards the bottom are the methods available to users. I can say phone call, text message to phone, notifications via mobile app, or verification code. So I can select the ones here that I want. Okay? And then it says, Remember multifactor authentication. Allow users to remember multifactor authentication on devices they trust for days before the device must reauthenticate. And that's set to 14 days by default. Okay? So, as you can see, setting up multifactor authentication isn't too difficult.
The key is, of course, that we must have a licence that supports it for our users. Like Alex Rogers here. We look at Alex Rogers. We click licenses. Alex Rogers has the EMS subscription. The Mobility subscription EMS does come with a multi-factor authentication license. And remember, of course, you can get that separately if you want to as well. All right. So all in all, we click on our users as well. Our users' contact information can be configured here. Some of the contact info is here. But also, if you look over here to the left, you're going to see authentication methods and information that can be put here. As you can see, this information is not populated here. So currently, it wouldn't be able to utilise that. Also notice at the top of this: Require re-register for MFA. You can force that if you want. Make them re-register with MFA from this point forward. You can also revoke MFA if you want. Revoke MFA sessions. Basically. From there they can't use it, and it would force them in this case if you don't want them using MFA to get in. You can block the user altogether if you want, or you can just require them to put their MFA back in. Okay. All in all, though, again, when configuring MFA, there's not too much going on there, not too complex, as I think you'll see. And it's one of those things where once you configure it through your different users, it's a really, really powerful tool in our environment to prevent identity theft, essentially. Somebody stealing somebody's identity information and being able to log on as that person. Because they're going to have to prove, using that multi-factor authentication, who they are.

3. Stepping through the tutorial for implementing Multi-Factor Authentication

Now we're going to step through the enable multifactor authentication for Alexandra Smith tutorial. So this is going to be a little hands-on tutorial. You guys will get a chance to practice. First step. Go to portal.azure.com. So we're going to go there. Drop down the menu, click on Azure Active Directory, go to the Users blade, and click on the little ellipsis symbol for multifactor authentication. Turn this on for that user and click enable, and we'll say "Enable multifactor authentication." Close, and there you go. So it was pretty easy, very easy, to enable that. And let me again remind you that you could do this through the Microsoft 365 portal as well. And it's very similar. Simply navigate to the users area on admin.microsoft.com and select multi-factor authentication. You're going to go to the same area, and that's how you could enable it that way as well. So it really doesn't matter which of the two ways you go. If this is something that the lab question on the test was asking you to do, you can do it either way, and you're going. And she was referring to a goal. Again, my goal here is simply to show you one way that definitely works. Okay? Alright. So now you guys will get an opportunity to give this a shot.

Self Service Password Reset

1. Introduction to SSPR (Self Service Password Reset)

So what exactly is "self service password reset"? The goal here is to allow your users to be able to reset their own passwords. Now I will tell you that by default, in your Azure Microsoft 365 environment, this feature is not turned on. Users are not able to reset their passwords. They have to get assistance in doing that. Now there is something to be said for allowing self-service. This enables users to resolve issues without having to contact our administrators and rely on administrators to reset their passwords, or rely on administrators for anything. That's one of the interesting things about the direction Microsoft has been going in the cloud. You may have noticed that self-service is becoming more and more common as we move into the cloud world. Microsoft is now starting to allow things like the store for business, self service, and things like that where users can go and get apps that they need. And it's not so heavily reliant on us as administrators to do every little thing for the user. It's all about giving them privileges when they need them, but also making sure that the person is who they say they are. And that's really the key here, is that we want to allow the user to reset their passwords, but we also have to make sure that the user really is who they say they are, right? So this is really the goal of SSPR. Now what are your key benefits? One is managing cost. Again the man hours involved in a very large environment. You have tens of thousands of users who are obtaining their passwords, fat-fingered their passwords, or whatever. This SSPR is a great benefit for us because the IT department can focus on other things other than having to reset passwords, or even a low-level help desk can focus on other things than having to reset somebody's password. Another benefit, of course, is that it's really easy to use. It's a very intuitive system.
Basically, the user gets a little message when they can't log on; they can go in there and reset their password themselves. They can't log on, or if they just want to reset their password at any time, they can as long as it doesn't violate any of our policies. Another thing would be that, obviously, you get an additional boost to security with this ability because you can pair this with MFA. You can require two-step verification, and it's going to increase your security by utilising that. And then lastly, we get a nice little recording system with this. Microsoft has all this auditing going on in the background with your Microsoft 365 services. I can see exactly what users are having to reset when they have to reset their passwords. And I can really track who, where, when, and how they're going about doing this. Now, one thing I did want to say about the self service password reset is you could also have MFA at the same time. Do you have to have MFA? No. But you could have MFA going on at the same time. And this is a little flowchart that sort of breaks down what happens if you do. So in this case, you've got a user who's going through this process, and you'll notice that there's really a fork here. One scenario is that you have MFA enforced, and another is that you have just SSPR registration enforced. So, if you go this route, it will first say that the user has MFA enforced through the Azure console. We actually saw in our previous lesson how to do that, right? So it says users are enabled for SSPR. Or if no, then it says user is required to register one method enabled for MFA. Okay, then if yes, the number of methods required, one or two. One, user is required to register at least one device for MFA and SSPR. Second, if they have two, the user is obviously required to do two methods. And it says at least one method for MFA must be enabled.
So again, this is if you've turned all this on and this is the user logging on and the users logging on the first time after you've turned this on, they're getting this message. And this is a case where you've got MFA registration enforced. Now the other way is just SSPR enforced. So from there, you'll notice that the number of methods required to reset one user requires that they register at least one method, or two users are required to register at least two methods. OK? So again, here, it can go either way, but it really depends on what you get enforced. If you have MFA enforced with SSPR, you're going to go this route. The user is going to go this route. I should say that if you just got SSPR with no MFA enabled, it will go this route. And that's how the SSPR screen is going to work. The SSPR MFA screen is going to work when the user tries to log on for the first time after one of these or both of these have been enforced.

2. Demonstration on how to implement and configure SSPR

So here we are on portal.azure.com. I'm going to click on the menu bar here. We're going to go to Azure Active Directory. Okay, the first thing I want to do is take a look at my users. So we're going to click on Users, and all right, we've got password reset right here, which we'll go to in a minute, but let's click on an actual user. So here you've got your user properties, all right, and right out of the gates, if I was an admin who had to reset a password for a user, I could simply do that right here, click on Reset Password, and I could reset the user's password. So from an admin standpoint, if you really didn't need to go through the process of resetting a user's password, you can do that easily enough by clicking on the user, going to the profile page, and then clicking Reset. Okay, another thing we've got is authentication methods for this user. So if the person did have a cell phone, an alternate phone, or an email address, these are a couple of different ways of proving two-step authentication for multifactor authentication as well. As I mentioned, we could pair those if we needed to. Okay, but if you wanted to start from the beginning with configuring SSPR, let's jump back over to Azure Active Directory. Okay, we're going to scroll down, and there is a blade called Password Reset. Now, as you can see, self-service password reset is disabled. So this is one of the things you want to make sure you know for the exam: that SSPR is turned off by default. So if you want to do it, you have to turn it on. So if I wanted to turn it on just for a select number of users, then I could do the selected option here, and then I could select Group, and then I could assign a group of users that are going to support this SSPR. Okay? In my case, I'm actually going to go with all. As a result, we'll make SSPR self-service password reset available to all users. I'm going to click on "Save."
Now we're going to go to Authentication Methods and notice that you have the number of methods required to do a reset set to one. Now obviously, if I wanted to, I could select two on that and then I can choose these different methods that I want to support. Depending upon your subscription, you may or may not have an office phone, but I'm going to select mobile app notification, mobile app code. This is going to allow the user to use the Authenticator app if they want, so they could pair this with the Authenticator app. Another thing that I like is the security question option as well. And, once again, this is something we do on a lot of our websites. If I select Security Questions, I've got a number of questions required to register, so I could require three to five. Okay, I'm going to do three. Number of questions required to reset. Okay, so they have to register. You have to have three. Okay. They're probably not going to want to be required to do three and then have to reset. Set the five, right? So we're going to say that we could increase this number if we wanted to. And then from there, you can click Select Security Questions. All right. All right. And then at that point, you could go with predefined. And here are a bunch of predefined questions that Microsoft has already put together for us to use with SSPR. So I could select the ones that I want. What school did you attend? What was the first and last name of your first significant other? What was the make and model of... That's good enough. So we would select those three if we wanted to. We could also create a question ourselves, so we could actually type: What is the meaning of life and everything? That'd be kind of a ridiculous question to ask somebody, right? And we could put that in there. That would be a question. All right. Anyway, so this is a simple way that you can deal with security questions. You can use the predefined ones, or of course, you could add a custom one if you wanted.
All right. And then that's pretty much it. You can figure out the settings that you want here, and then it's just a matter of saving it at that point. The next time your users log on, they're going to end up getting the prompts that we saw in our slides in one of the previous videos I did, where it's going to prompt them. And depending on if you've got MFA or SSPR enforced, it's going to go one way or the other. As I mentioned earlier, you can have both kinds of discord working together, though, as I mentioned earlier. Okay, so it's pretty easy to implement SSPR again; the hardest part is just remembering where you go, which is just to Azure AD and then to Password Reset. You can also go to Users, and you'll see a link to reset your password there as well. So it's another option for getting here.

3. Stepping through the hands on tutorial for SSPR

We're now going to step through the tutorial process for enabling SSPR. Now in this little tutorial, you're essentially going to enable it for all users. And you're going to set the number of reset methods to two. So we're going to start by going to portal.azure.com, going to the menu bar, clicking on Azure Active Directory, Password reset, setting it to all, and clicking Save. The next step is to go to authentication methods. And again, from here, we're going to select two. Now, at that point, again, if the exam did not tell you if this was an actual lab scenario, if they do not tell you to check any of these boxes, then just leave it the way it is. Leave it as the default. If they were to ask you to select two specific ones, like mobile app notification and mobile app code, then obviously you would select those two. Those two. Don't forget, though, you need to save it when you're done. Alright, that's pretty much it. Pretty easy little hands-on scenario, and now you're going to get an opportunity to give it a shot.
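
The following is an added example, not part of the course material: a PowerShell check an administrator could run after enabling MFA and setting SSPR to two reset methods, to list which users have not yet registered enough methods. The function name `Get-RegistrationGap`, the user records and the method names are constructed for illustration; the commented Graph cmdlet is where real records would come from.

```powershell
# Added example, not course material. The records below are CONSTRUCTED sample data.
# Assumption: in a real tenant the same shape comes from Microsoft Graph PowerShell:
#   Connect-MgGraph -Scopes 'AuditLog.Read.All'
#   $records = Get-MgReportAuthenticationMethodUserRegistrationDetail -All
$records = @(
    [pscustomobject]@{ UserPrincipalName = 'alex.rogers@contoso.example'
                       IsMfaRegistered   = $true;  IsSsprEnabled = $true
                       MethodsRegistered = @('mobilePhone', 'microsoftAuthenticatorPush') }
    [pscustomobject]@{ UserPrincipalName = 'alexandra.smith@contoso.example'
                       IsMfaRegistered   = $true;  IsSsprEnabled = $true
                       MethodsRegistered = @('mobilePhone') }
    [pscustomobject]@{ UserPrincipalName = 'new.hire@contoso.example'
                       IsMfaRegistered   = $false; IsSsprEnabled = $true
                       MethodsRegistered = @() }
)

# Assumption: method names that count toward a reset under this tenant's policy.
$resetMethods = 'mobilePhone', 'email', 'microsoftAuthenticatorPush',
                'softwareOneTimePasscode', 'securityQuestion'

function Get-RegistrationGap {
    # Hypothetical helper: compares each user's registered methods with the
    # number of methods the SSPR policy requires for a reset.
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string[]] $ResetMethods,
        [int] $RequiredResetMethods = 2   # value used in the hands-on tutorial
    )
    foreach ($r in $Records) {
        # Keep only the registered methods the reset policy accepts.
        $usable = @($r.MethodsRegistered | Where-Object { $_ -in $ResetMethods })
        [pscustomobject]@{
            User             = $r.UserPrincipalName
            MfaRegistered    = [bool]$r.IsMfaRegistered
            ResetMethodCount = $usable.Count
            CanSelfReset     = ([bool]$r.IsSsprEnabled) -and
                               ($usable.Count -ge $RequiredResetMethods)
        }
    }
}

# Show only users who still need to register (no MFA, or too few reset methods).
Get-RegistrationGap -Records $records -ResetMethods $resetMethods |
    Where-Object { -not $_.MfaRegistered -or -not $_.CanSelfReset } |
    Format-Table -AutoSize
```

With the sample data, the second and third users are listed: one has MFA but only a single reset method, the other has registered nothing.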

