You've been tasked with protecting the VPN. What do you need to do first?

Written by John Gruber Published on Last Updated on

Your organization has a Microsoft 365 tenant with AD Connect syncing your on-premises AD to Microsoft 365. All computers are running Windows 10 and are configured to use Microsoft Intune.

You've been tasked with protecting the VPN. Your manager has asked you to require every computer connecting to the VPN is marked as compliant.

What do you need to do first?

Configure authentication methods in the Azure AD admin center.

From the Azure AD admin center, enable Application Proxy.

Create a Dynamic Access Control policy in the Azure AD admin center.

From the Azure AD admin center, create a new certificate.

Click to show answer

It's not very common so it's not included in the documents in this training but the correct steps are: Create a root certificate in Azure AD > Deploy the conditional access root certificate to on-premises AD > Configure the Conditional Access policy in Azure AD > Create an OMA-DM based VPNv2 Profile for Windows 10 devices.

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/ad-ca-vpn-connectivity-windows10

< Previous Next > Skip Exam >>