Q: 7
You have a Microsoft 36S ES subscription that contains a Windows 11 device named Device 1 and
three users named User 1. User2. and User3.
You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information
Protection client to Device 1.
You need to ensure that the users can perform the following actions on Device1 as part of the
planned deployment
• User 1 will test the functionality of the client.
• User2 will install and configure the Microsoft Rights Management connector.
• User3 will be configured as the service account for the information protection scanner.
The solution must maximize the security of the sign-in process for the users What should you do?
Options
Discussion
Probably B, since passwordless authentication boosts security for both service and interactive accounts. User2 and User3 are handling service-level stuff like the connector and scanner, so they benefit most from it. Traditional MFA wouldn't really fit those roles. If I'm missing something about how they log in for setup, let me know.
I don’t think it’s B. D makes more sense if you want strong security for all three users, since enabling passkey (FIDO2) means everyone would have phishing-resistant sign-in. Even if User3 is a service account, you could technically assign FIDO2, though setup might be tricky. Pretty sure about this but open to other views.
Not D, B. Similar questions in the official docs recommend passwordless methods for service and admin accounts.
B
Seriously wish they'd clarify if "maximize security" means for EVERY user, or just for service/service-like accounts. B
Be respectful. No spam.
