Microsoft Dynamics 365 Fundamentals Practice Exam

How can you enforce that only employees using approved devices are allowed to authenticate both on-prem and off-prem?

• A. Conditional Access
• B. Information Rights Management
• C. Azure AD Domain Services
• D. Enterprise Mobility + Security

The correct answer is: Conditional Access

The correct approach to enforcing that only employees using approved devices are allowed to authenticate, whether on-premises or off-premises, is through Conditional Access. This feature is a critical part of Azure Active Directory (Azure AD) that allows organizations to implement policies that provide access based on specific conditions. Conditional Access policies can be tailored to consider various factors, including the device health, user location, application sensitivity, and more. This means that you can specify that only devices that meet certain compliance criteria, such as being enrolled in a Mobile Device Management (MDM) system or having the latest security updates, are permitted to access company resources. By applying these settings, organizations can better protect their data and ensure that only authorized and secured devices are connecting to their systems. Other options, while relevant to security and identity management, do not specifically address the need for device-based access control in the same targeted way. Information Rights Management focuses more on protecting sensitive information rather than controlling access based on device compliance. Azure AD Domain Services provides domain-join and directory services, but it does not offer the conditional access capabilities necessary for this scenario. Enterprise Mobility + Security encompasses a broader suite of tools for managing identities and devices but does not provide the precise access control capabilities of Conditional Access