An organization wants to enforce phishing-resistant MFA for its privileged administrators. Which of the following authentication methods qualifies as phishing-resistant?
SMS one-time passcode
FIDO2 security key
OATH hardware token
A security architect is designing MFA enforcement for all users in a Microsoft Entra ID tenant. Which mechanism does Microsoft recommend over per-user MFA or security defaults for most organizations?
Enabling security defaults in the Microsoft Entra admin center
Enabling per-user MFA for every account
Using Conditional Access policies to require MFA
A company is deploying passwordless authentication. Frontline workers share physical kiosks in a warehouse and don't have assigned Windows laptops. Which passwordless method is the best fit for this persona?
Windows Hello for Business
Synced passkey stored in a password manager
An administrator is reviewing which authentication methods are eligible for self-service password reset (SSPR). Which of the following methods is NOT supported for SSPR?
Mobile app code (TOTP from Microsoft Authenticator)
FIDO2 security key / passkey
Email address verification
A help desk technician needs to onboard a new employee who has no existing authentication methods registered. The technician wants to issue a short-lived credential that lets the employee securely complete first-time MFA registration. Which feature is designed for this purpose?
Send a password
A Conditional Access policy scoped to the 'Register security information' user action
Temporary Access Pass (TAP)