You have been tasked by your company to propose an Azure AD sign-in experience for your users and need to recommend an authentication method. All devices are on Windows 10 OS. You must recommend the most secure solution. 
What should you recommend? 

Answer options:

A.SMS
B.OATH software tokens
C.Windows Hello for Business
D.Password

Correct Answer: C 
Out of these alternatives, Windows Hello for Business is considered most secure. 
It replaces passwords with strong two-factor authentication on PCs and mobile devices, and addresses the following problems with passwords: People reuse passwords on multiple sites due to difficulty to remember the password.
Users may unknowingly expose their passwords due to phishing attacks.
Server breaches can expose symmetric network credentials.
Users are exposed to replay attacks.
Review table from MS docs regarding the security level of the different authentication methods: 

Option A is incorrect. SMS-based authentication is not currently compatible with Azure AD Multi-Factor Authentication. It is not the most secure option.
Option B is incorrect. Software OATH tokens are typically applications such as the Microsoft Authenticator app and other authenticator apps. Azure AD generates the secret key that is input into the app and used to generate each OTP. Windows Hello for Business is the more secure alternative.
Option D is incorrect. Password is usually used for old applications that don`t support modern authentication and can be configured for per-user Azure AD Multi-Factor Authentication. This is the least secure alternative.
Reference: 
To know more about Windows Hello for Business, please refer to the link below: 

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview