Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Your company has an Azure Active Directory (Azure AD) environment.
Users occasionally connect to Azure AD via the Internet.
You need to ensure that users who connect to Azure AD via the internet using an unidentified IP address, are automatically instructed to change their passwords.
Solution: You configure the use of Azure Key Vault.
Does the solution meet the goal?
Click on the arrows to vote for the correct answer
A. B.B.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policyNo, the solution provided does not meet the stated goal of ensuring that users who connect to Azure AD via the internet using an unidentified IP address are automatically instructed to change their passwords.
Configuring the use of Azure Key Vault does not address the goal of automatically instructing users to change their passwords when they connect to Azure AD via the internet using an unidentified IP address. Azure Key Vault is a cloud service that provides secure storage for cryptographic keys and secrets, which can be used to encrypt and decrypt data or authenticate to services. It is not designed to enforce password change policies or manage user authentication.
To meet the stated goal, you would need to implement Azure AD Conditional Access policies that require users to change their passwords when they connect to Azure AD via the internet using an unidentified IP address. Azure AD Conditional Access allows you to define policies that evaluate conditions based on user or device attributes, such as IP address, and apply controls such as multi-factor authentication, device compliance checks, or password change requirements.
Therefore, the correct answer is B. No, the solution does not meet the goal.