Microsoft Azure Architect Design (AZ-304) Practice Test

What is the most effective way to ensure all employees and contractors use two-factor authentication in Azure at minimal cost?

• A. Purchase Azure Multi-Factor Authentication licenses for employees and contractors
• B. Use the Multi-Factor Authentication provider and set usage models for each enabled user
• C. Enforce MFA through Conditional Access policies for all users
• D. Implement MFA for contractors only

The correct answer is: Use the Multi-Factor Authentication provider and set usage models for each enabled user

Using the Multi-Factor Authentication provider and setting usage models for each enabled user is a practical approach to ensure that all employees and contractors utilize two-factor authentication effectively while managing costs. This option allows for a more flexible and scalable implementation of multi-factor authentication (MFA). By utilizing the built-in MFA capabilities of Azure, organizations can tailor the use of MFA to specific user groups or conditions. This means that instead of incurring the cost of purchasing separate licenses for each user, an organization can enable MFA based on the specified usage models, which can help manage expenses while ensuring that security measures are still robust. Implementing usage models also enables an organization to adapt as needs change or to enforce MFA for different groups based on risk levels, compliance, or other factors. This adaptability can lead to a better user experience as it prevents unnecessary interruptions for those who may not need MFA for every access scenario. Overall, this method combines cost-effectiveness with the flexibility needed for varying levels of authentication, thereby making it the most effective strategy in this context.