Home › Azure AZ-500 › cloudcomputing › az500identityaccess › Which Microsoft Entra capability lets an admin e…
Which Microsoft Entra capability lets an admin enforce per-user MFA via a Conditional Access policy WITHOUT relying on legacy per-user MFA toggles?
ADisabling MFA entirely
BPer-user MFA enabled/disabled toggles in the legacy MFA portal
CConditional Access policy requiring MFA as a grant control
DSharing the global admin password during incidents
Answer & Solution
Correct answer: C. Conditional Access policy requiring MFA as a grant control
Conditional Access MFA grant-control is the modern primitive (per AZ-500 §1 MFA). The legacy per-user toggle is being phased out; the others are textbook insecurity.
Related questions
Which Microsoft Entra ID feature lets a security engineer detect risky user behaviour (impWhich Microsoft Entra ID feature lets a developer register an app and obtain a CLIENT ID aWhich Azure / Microsoft Entra feature lets an admin enforce 'block sign-in from countries Which Microsoft Entra ID feature lets an admin enforce 'every privileged role activation mWhich Microsoft Entra ID feature lets an admin define a custom role with EXACTLY the actioWhich Microsoft Entra ID feature should an admin use to require user CONSENT to specific OWhich Azure resource feature lets an Azure VM / App Service / Function App authenticate toWhich Microsoft Entra ID construct represents the identity of a non-human workload (an app