Exactprep SC-300 Questions

To prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID, you can create a Conditional Access policy that blocks legacy authentication. Here’s how to do it:

• Sign in to the Microsoft Entra admin center:
• Navigate to Conditional Access:
• Create a new policy:
• Set users and groups:
• Target resources:
• Set conditions:
• Configure access controls:
• Enable policy:

By following these steps, you will block legacy authentication protocols for all users, enhancing the security posture of your organization by requiring modern authentication methods. Remember to monitor the impact of this policy and adjust as necessary to ensure business continuity.

To ensure that all users can consent to apps that require permission to read their user profile and prevent them from consenting to apps that require any other permissions, you can configure the user consent settings in the Microsoft Entra admin center. Here’s how you can do it:

• Sign in as a Global Administrator:
• Navigate to user consent settings:
• Configure the consent settings:
• Save the settings:

By following these steps, you will have configured the system to allow user consent for apps that need to read the user profile while blocking consent for apps that require additional permissions. This setup helps maintain user autonomy where appropriate while safeguarding against unauthorized access to broader permissions.

To deploy Multi-Factor Authentication (MFA) for only the members of the Sg-Finance group, excluding Debra Berger, and without using a Conditional Access policy, you can follow these steps:

• Open the Microsoft Entra admin center:
• Navigate to MFA settings:
• Manage user settings:
• Exclude a user from MFA:
• Verify the configuration:
• Communicate the change:
• Monitor the setup:

To configure the account lockout settings so that accounts are locked out for five minutes after 10 failed sign-in attempts, you can follow these steps:

• Open the Microsoft Entra admin center:
• Navigate to the lockout settings:
• Adjust the Smart Lockout settings:

Please note that by default, smart lockout locks an account from sign-in after 10 failed attempts in Azure Public and Microsoft Azure operated by 21Vianet tenants1. The lockout period is one minute at first, and longer in subsequent attempts. However, you can customize these settings to meet your organization’s requirements if you have Microsoft Entra ID P1 or higher licenses for your users1.