Azure Active Directory Password Change for Anonymous IP Addresses | Microsoft Exam AZ-900


Question

You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.

Which Azure service should you use?

Answers

Explanations


A. B. C. D.

D

Azure AD Identity Protection includes two risk policies: sign-in risk policy and user risk policy. A sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner.

There are several types of risk detection. One of them is Anonymous IP Address. This risk detection type indicates sign-ins from an anonymous IP address (for example, Tor browser or anonymous VPN). These IP addresses are typically used by actors who want to hide their login telemetry (IP address, location, device, etc.) for potentially malicious intent.

You can configure the sign-in risk policy to require that users change their password.

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

The correct answer is D, Azure AD Identity Protection.

Azure AD Identity Protection is a service that is designed to help detect and prevent identity-based risks before they can cause any harm. It uses advanced algorithms and machine learning to analyze user activity, device information, and other factors to determine if a user's identity may have been compromised.

In this scenario, when Azure AD users connect to Azure AD from the Internet by using an anonymous IP address, it is important to ensure that their password is secure. Azure AD Identity Protection can help with this by automatically prompting the users to change their password when they connect from an anonymous IP address.

Azure AD Connect Health is a service that provides monitoring and insights into the health and performance of Azure AD Connect, which is used to synchronize on-premises directories with Azure AD. It is not related to the scenario described in the question.

Azure AD Privileged Identity Management is a service that enables just-in-time access control for privileged Azure AD roles. It is used to manage and monitor access to Azure AD resources by privileged users. It is not related to the scenario described in the question.

Azure Advanced Threat Protection (ATP) is a service that provides advanced threat protection for on-premises Active Directory environments. It uses machine learning and behavioral analytics to detect suspicious activity and potential threats. It is not related to the scenario described in the question.