You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection enabled.
You need to implement a sign-in risk remediation policy without blocking user access.
What should you do first?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
MFA and SSPR are both required.However, MFA is required first.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deploymentTo implement a sign-in risk remediation policy without blocking user access in an Azure AD tenant with Azure AD Identity Protection enabled, the first step is to configure Conditional Access policies.
Conditional Access policies provide a set of flexible controls that can be used to help secure access to cloud apps based on specific conditions, such as the user's sign-in risk level, location, device, or application. With Conditional Access policies, you can require users to provide additional authentication factors, block access entirely, or allow access but restrict actions based on the risk level.
To implement a sign-in risk remediation policy without blocking user access, you can configure a Conditional Access policy that requires users to perform additional authentication factors when their sign-in risk level is considered medium or high. This way, users can still access their resources but will be required to provide additional verification to ensure their identity.
The correct answer is, therefore, D. Implement multi-factor authentication (MFA) for all users.
Option A, configuring access reviews in Azure AD, is not directly related to implementing a sign-in risk remediation policy. Access reviews are used to identify and remove excessive access rights from users or groups, helping to ensure that only the right people have access to the right resources.
Option B, enforcing Azure AD Password Protection, is also not directly related to implementing a sign-in risk remediation policy. Azure AD Password Protection helps prevent weak or compromised passwords from being used in your organization by checking for banned passwords and enforcing password complexity requirements.
Option C, configuring self-service password reset (SSPR) for all users, is not directly related to implementing a sign-in risk remediation policy without blocking user access. SSPR allows users to reset their own passwords without needing to contact an administrator for assistance.