Q: 6
You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and self-service
password reset (SSPR) enabled.
You enable combined registration in interrupt mode.
You create a new user named User1.
Which two authentication methods can User1 use to complete the combined registration process?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Options
Discussion
Microsoft changes things so often it's hard to keep up. I'd choose D and C, since email OTP and Windows Hello seem like valid auth methods for SSPR/MFA registration. Might have missed a recent update though.
Wouldn't B be a trap here since hardware tokens need admin setup, not available at first login?
Probably A and E. B looks tempting but hardware tokens need extra admin steps, not available for self-service at combined reg.
Makes sense, A and E. Combined reg only lets you set up FIDO2 keys and Microsoft Authenticator from the start.
A and E are correct here. FIDO2 security keys and Microsoft Authenticator app are the two supported methods during initial combined registration. D (Windows Hello) needs device enrollment first, so it's a common trap. Pretty sure on this based on recent exam updates, but open to correction if Azure changed something.
A and E
A and E imo, matches what official practice tests and Azure docs say new users can actually use here.
Probably A and E, since those are actually available when doing combined self-registration for MFA/SSPR. D requires device enrollment first.
C/D? I thought email OTP (C) was still supported for SSPR and Windows Hello for Business (D) is listed as a method sometimes. Maybe I'm missing something with registration flow specifics, but I think one of those fits here.
A and E tbh, that's what shows up in the exam guides and Microsoft's docs.
Be respectful. No spam.
