Free Actual MS-102 Actual Exam Questions – Microsoft 365 Administrator - Question 8 Discussion
HOTSPOT You have a Microsoft 365 E5 subscription that contains the users shown in the following table. Each user has an Android device with the Microsoft Authenticator app installed and has set up phone sign-in. The subscription has the following Conditional Access policy: • Name: Policy1 • Assignments o Users and groups: Group1, Group2 o Cloud apps or actions: All cloud apps • Access controls o Grant Require multi-factor authentication • Enable policy: On From Microsoft Authenticator settings for the subscription, the Enable and Target settings are configured as shown in the exhibit. (Click the Exhibit tab.) 
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. 
I see why B and D are Yes since those users are in the targeted groups. For A, even though User1 is in Group1, phone sign-in might bypass traditional MFA prompts, so it could be tricky but likely No here.
I’m with the idea that the policy only impacts users in Group1 and Group2. So users outside those groups, like User3 and User5, wouldn’t have MFA enforced by Policy1, making their answers No. Also, the phone sign-in feature doesn’t bypass MFA requirements; it just offers a different way to authenticate. So even if a user has phone sign-in enabled, if they’re in a targeted group, MFA is still required. That supports Yes for User2 and User4 but No for the others not in those groups.
C and E are no because the policy doesn’t include those users’ groups.
I think C should be No because User3 isn’t in Group1 or Group2, so the policy doesn’t apply to them. Also, E is No for the same reason—they’re not in the targeted groups. The MFA requirement only kicks in for users in Group1 or Group2, so A and E are not affected by this Conditional Access policy at all. That matches up with the settings shown in the Authenticator app too, where the policy only covers those groups.
I’m with the others on this. Since the policy targets Group1 and Group2 only, User1 (A) isn’t affected, so No makes sense there. Both User2 (B) and User4 (D) are in those groups, so they have MFA enforced, so Yes fits. User3 (C) and User5 (E) aren’t in those groups either, so No for them. The policy clearly controls access based on group membership, so anyone outside those groups won’t have MFA required here.
B and D make sense as yes since those users are in targeted groups.
A, no because User1 isn't in Group1 or Group2.
B, yes; C, no; D, yes; E, no.