Automatically Encouraging Users to Change Passwords with Azure AD Identity Protection

Azure AD Identity Protection

Question

Note: This question is part of a series of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.

You have been tasked with making sure that users who connect to Azure AD via the Internet from an unidentified IP address are automatically encouraged to change their passwords.

Solution: You configure the use of Azure AD Identity Protection.

Does the solution meet the goal?

Answers

Explanations

A. B.

A

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

The provided solution to modify a network security group (NSG) can meet the goal of ensuring that VM1 is accessible from the Internet over HTTP.

A network security group (NSG) is a set of rules that controls inbound and outbound network traffic to an Azure virtual network. By modifying the rules of an NSG, you can control the traffic that is allowed to or from virtual machines in the network.

To allow VM1 to be accessible from the Internet over HTTP, you would need to modify the NSG that is associated with the virtual network that VM1 is connected to. Specifically, you would need to add an inbound security rule to allow traffic from the Internet to reach VM1 over the HTTP protocol.

The rule would need to have the following properties:

  • Priority: The priority of the rule should be set to a value lower than any existing deny rules to ensure that it is evaluated first.
  • Source: The source of the traffic should be set to 'Any', or to a specific IP address range if you want to limit the traffic to a specific set of IP addresses.
  • Protocol: The protocol should be set to 'TCP'.
  • Port range: The port range should be set to '80' to allow traffic over HTTP.
  • Action: The action should be set to 'Allow'.

Once this rule is added to the NSG, traffic from the Internet over HTTP will be allowed to reach VM1, and it will be accessible from the Internet.

Therefore, the solution of modifying an NSG can meet the goal of ensuring that VM1 is accessible from the Internet over HTTP. The answer is A. Yes.

Yes, the solution meets the goal.

Azure AD Identity Protection is a cloud-based security service in Azure AD that uses machine learning algorithms to detect potential threats and risky user activities. It provides a variety of capabilities to help you protect user identities and detect potential vulnerabilities in your organization's environment.

One of the capabilities of Azure AD Identity Protection is the ability to create conditional access policies that can enforce additional security requirements when users sign in from risky locations or on risky devices. In this case, you can create a conditional access policy that requires users to change their passwords if they sign in from an unidentified IP address.

When a user signs in from an unidentified IP address, Azure AD Identity Protection will trigger the conditional access policy and prompt the user to change their password before allowing them to access any Azure AD resources. This ensures that only authorized users can access your organization's resources and that their accounts remain secure even if their passwords are compromised.

Therefore, configuring the use of Azure AD Identity Protection is an effective solution for automatically encouraging users to change passwords when they connect to Azure AD via the internet from an unidentified IP address.
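
The following is an added example, not part of the original page: one way to create a Conditional Access policy with the password-change grant control using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, the signed-in admin can consent to the listed scopes, the display name, the `high` threshold and the break-glass object ID are placeholders, and it uses the user-risk condition because that is the condition the `passwordChange` control is evaluated against.

```powershell
# Added example, not from the original page.
# Requires the Microsoft.Graph PowerShell module and a Conditional Access administrator.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: object ID of an emergency-access (break-glass) account to exclude.
$breakGlassId = '<break-glass-account-object-id>'

$policy = @{
    displayName = 'EXAMPLE - Require password change for risky users'
    # Report-only first, so the impact can be reviewed in the sign-in logs.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        # passwordChange is only accepted when the policy targets all cloud apps.
        applications   = @{ includeApplications = @('All') }
        # Assumed threshold; user risk is raised by Identity Protection detections.
        userRiskLevels = @('high')
    }
    grantControls = @{
        # passwordChange must be paired with mfa using the AND operator.
        operator        = 'AND'
        builtInControls = @('mfa', 'passwordChange')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm what was stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'UserRisk'; e = { $_.Conditions.UserRiskLevels -join ',' } },
        @{ n = 'Grant';    e = { $_.GrantControls.BuiltInControls -join ',' } }
```

Switch `state` to `enabled` only after the report-only results show the expected users being matched and the excluded account left untouched.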