Exam SC-900 Topic 2 Question 145 Discussion
Actual exam question for Microsoft's SC-900 exam
Question #: 145
Topic #: 2
Question #: 145
Topic #: 2
Select the answer that correctly completes the sentence.


Suggested Answer:

Explanation:

Microsoft states that Security defaults are baseline protections in Azure Active Directory (now Microsoft Entra ID) that "make it easier to help protect your organization from identity-related attacks." One of the core behaviors is that security defaults "require all users to register for Azure AD Multi-Factor Authentication," and enforce "multi-factor authentication for all users," with special emphasis that "administrators are required to do multi-factor authentication." Security defaults also "block legacy authentication" and add protections for privileged operations, but the universal control that applies to every user is MFA. Importantly, enabling security defaults does not turn on paid capabilities such as Azure AD Identity Protection or Privileged Identity Management (PIM); those are separate, premium features. The baseline is intentionally simple and tenant- wide: require MFA registration, challenge with MFA when risk or sensitive operations are detected, and reduce exposure by disabling legacy protocols. Therefore, when you enable security defaults, multi-factor authentication (MFA) will be enabled for all Azure AD users, aligning with Microsoft's guidance that security defaults "help protect all organizations by requiring MFA and disabling legacy authentication."
by Doreen at Jul 10, 2026, 11:36 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).