[&] Chelsea is configuring conditional policy for users of Office 365.  She wants to use app enforced restrictions.  Given the figure below, where would she click to set this?
- Cloud apps or actions
- Conditions
- Grant
- Session -- Correct

[&] INE has a user based of 10,000 users.  Of those approximately 100 need access to Azure resources.  This includes IT administrators, regional infrastructure technicians and developers. Richard, the CTO, wants to ensure that MFA is enforced any time someone uses the Azure portal. INE uses Azure AD Premium P2 licenses.  How can Richard enforce MFA with the least administrative effort?
- Create a conditional access policy and select all users. Set the Cloud apps or actions to Microsoft Azure Management.  Require MFA for the policy -- Correct
- Perform an Access Review.  Export the results to a CSV and write a script to activate MFA for all users who have accessed Azure via the portal.
- Create a security group in Azure AD named PortalUsers.  Add the users who need access to the Azure portal to the PortalUsers group.  Configure a conditional access policy the requires MFA for anyone in the group. Set the Cloud apps or actions for the policy to Microsoft Azure Management.  
- Create a security group in Azure AD named PortalUsers.  Add the users who need access to the Azure portal to the PortalUsers group.  Configure a conditional access policy the requires MFA for anyone in the group.