🔥 3-day streak
Microsoft Identity and Access Administrator20 / 126
Question 20 of 126

Your organization is deploying Entra certificate-based authentication (CBA) for a group of high-privilege administrators who use smart cards. Security requires that these admins satisfy the multifactor authentication requirement using only their certificate, and that the certificate be validated against a specific policy OID. During pilot testing, admins report they can sign in but are still being prompted for a second factor after presenting their certificate. Which configuration change in the Entra admin center resolves this while enforcing the OID requirement?

Reviewed for accuracy · Report an issueNext question