Microsoft Azure Architect Design (AZ-304) Practice Test

In what situation would you recommend configuring a security policy to require MFA for a specific user group?

• A. When the group contains only standard users
• B. When the group is responsible for managing sensitive data
• C. When other users in the organization do not require MFA
• D. When all users are already using Azure AD Premium

The correct answer is: When the group is responsible for managing sensitive data

Recommending the configuration of a security policy to require multifactor authentication (MFA) for a specific user group is particularly pertinent when that group is responsible for managing sensitive data. In the context of cybersecurity, sensitive data refers to any information that could lead to significant harm if compromised, such as personal identification information, financial data, or proprietary corporate information. Implementing MFA for users managing sensitive data adds an additional layer of security beyond just a username and password. This is critical because even if a password is compromised—through phishing, brute force attacks, or other means—an additional factor, such as a mobile authentication app or SMS code, would be required to gain access. This significantly reduces the risk of unauthorized access and helps to protect the integrity, confidentiality, and availability of sensitive information. In contrast, requiring MFA for standard users or users who do not handle sensitive data may not provide a proportional security improvement relative to the additional overhead and potential user resistance that MFA can generate. Thus, focusing MFA requirements on those who interact with more critical data enhances the overall security posture of the organization without unnecessarily burdening all users.