Practice free →
HomeAzure AZ-500cloudcomputingaz500identityaccess › Which Microsoft Entra capability lets an admin e…

Which Microsoft Entra capability lets an admin enforce per-user MFA via a Conditional Access policy WITHOUT relying on legacy per-user MFA toggles?

ADisabling MFA entirely
BPer-user MFA enabled/disabled toggles in the legacy MFA portal
CConditional Access policy requiring MFA as a grant control
DSharing the global admin password during incidents
Answer & Solution
Correct answer: C. Conditional Access policy requiring MFA as a grant control
Conditional Access MFA grant-control is the modern primitive (per AZ-500 §1 MFA). The legacy per-user toggle is being phased out; the others are textbook insecurity.
Solve this in the app — Azure AZ-500 practice & 24k+ MCQs →
Related questions