Microsoft Azure Architect Technologies (AZ-300) Practice Exam

How can multi-factor authentication be configured in Azure?

• A. Through Azure AD Identity Protection
• B. Using Azure Key Vault
• C. By enabling Azure Security Center
• D. Through Azure Information Protection

The correct answer is: Through Azure AD Identity Protection

Multi-factor authentication (MFA) in Azure can be primarily configured through Azure AD Identity Protection. This service provides capabilities that help secure user identities by requiring additional verification methods beyond just a password. With Azure AD Identity Protection, administrators can set policies for MFA that dictate when and how users must provide additional authentication factors based on their sign-in behavior and the context of the access request. Azure AD Identity Protection allows for the configuration of risk-based conditional access policies, which can trigger MFA based on various parameters such as user location, device compliance, risk level, and more. This flexibility makes it a powerful tool for enhancing security and safeguarding sensitive data within Azure environments. The other options, while important components of Azure's security suite, do not serve the purpose of managing multi-factor authentication directly. Azure Key Vault is designed for managing cryptographic keys and secrets but is not related to MFA configuration. Azure Security Center provides a unified security management system but does not directly handle user authentication methods. Azure Information Protection focuses on protecting sensitive information through data classification and labeling but does not deal with authenticating users. Thus, the correct configuration of multi-factor authentication is effectively achieved through Azure AD Identity Protection.