On-Premises and Azure Virtual Machines: Cloud Model for Connectivity

Connectivity between On-Premises and Azure Virtual Machines


Question

Note: This question is one of a series that present the same scenario. Each question in the series proposes a different solution; determine whether the proposed solution meets the stated goal.

Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.

You have been tasked with ensuring that users who connect to Azure AD over the internet from an unidentified IP address are automatically prompted to change their passwords.

Solution: You configure the use of Azure AD Privileged Identity Management.

Does the solution meet the goal?

Answers

Explanations


A. Yes

B. No

Correct answer: B

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

No, modifying a DDoS protection plan will not meet the goal of ensuring that a virtual machine named VM1 is accessible from the Internet over HTTP.

DDoS (Distributed Denial of Service) protection plans are used to protect resources from DDoS attacks. They do not provide network connectivity or allow external access to resources such as virtual machines.

To allow external access to a virtual machine over HTTP, you need to perform the following steps:

  1. Assign a public IP address to the virtual machine. You can either use an existing public IP address or create a new one.

  2. Configure a network security group (NSG) to allow inbound HTTP traffic (port 80) to the virtual machine.

  3. Configure the virtual machine's firewall to allow inbound HTTP traffic (port 80).

Once these steps are completed, the virtual machine will be accessible from the Internet over HTTP using the public IP address assigned to it.

Therefore, the correct solution to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP is to assign a public IP address to the virtual machine and configure the necessary network security group and firewall rules to allow inbound HTTP traffic to the virtual machine.

No, the solution of using Azure AD Privileged Identity Management does not meet the specified goal of automatically prompting users to change their passwords when they connect to Azure AD from an unidentified IP address.

Azure AD Privileged Identity Management is a solution that helps organizations to manage, monitor, and audit access to privileged accounts within their Azure AD environment. It provides just-in-time privileged access to Azure AD resources and helps to prevent unauthorized access to sensitive information.

However, Azure AD Privileged Identity Management does not have a feature to prompt users to change their passwords when they connect to Azure AD from an unidentified IP address. Instead, a possible solution for this scenario would be to use Azure AD Conditional Access policies.

Azure AD Conditional Access policies enable organizations to define access rules based on various conditions, including the user's location, device, and IP address. Organizations can create a conditional access policy that requires users to change their password when they connect to Azure AD from an unidentified IP address. This policy can be enforced by requiring multi-factor authentication, which provides an additional layer of security to the authentication process.

In summary, the solution of using Azure AD Privileged Identity Management does not meet the specified goal of automatically prompting users to change their passwords when they connect to Azure AD from an unidentified IP address. The more appropriate solution for this scenario would be to use Azure AD Conditional Access policies.
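To make the difference between the two approaches concrete, the following added example (written for this page, not code from Microsoft or the original question) models the two candidate configurations and checks which one would actually force a password change for sign-ins from outside trusted locations. The policy is constructed for the example; the field names follow the Microsoft Graph conditionalAccessPolicy schema as the example's author understands it (an assumption, including the rule that the passwordChange control must be paired with mfa under AND and with a user risk condition). PIM is modelled as having no sign-in access rule at all, which is why it cannot satisfy the goal.

```python
"""Added example: compare a PIM-only setup with a Conditional Access policy
that forces a password change for risky sign-ins from untrusted locations.
The policy dict is constructed here; field names assume the Microsoft Graph
conditionalAccessPolicy schema."""

MFA = "mfa"
PASSWORD_CHANGE = "passwordChange"


def build_password_change_policy() -> dict:
    """Constructed Conditional Access policy: for sign-ins from any location
    not marked trusted, where user risk is medium or high, require MFA AND a
    password change. (Assumption: 'passwordChange' is only valid together
    with 'mfa' under the AND operator and a userRiskLevels condition.)"""
    return {
        "displayName": "Risky sign-in from untrusted location: force password change",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "userRiskLevels": ["medium", "high"],
            "locations": {
                "includeLocations": ["All"],
                "excludeLocations": ["AllTrusted"],
            },
        },
        "grantControls": {
            "operator": "AND",
            "builtInControls": [MFA, PASSWORD_CHANGE],
        },
    }


def pim_only_configuration() -> dict:
    """The solution proposed in the question (hypothetical tenant config):
    PIM governs privileged-role activation and defines no sign-in access
    rule, so there is no Conditional Access policy to evaluate."""
    return {"pimEnabled": True, "conditionalAccessPolicies": []}


def policy_forces_password_change(policy: dict) -> bool:
    """True only if the policy is enforced, applies to sign-ins from outside
    trusted named locations, and grants access solely on MFA plus a
    password change."""
    if policy.get("state") != "enabled":
        return False
    conditions = policy.get("conditions", {})
    locations = conditions.get("locations", {})
    # Applies everywhere except locations the tenant marked trusted, i.e.
    # to sign-ins from IP addresses the tenant does not recognise.
    covers_untrusted = (
        "All" in locations.get("includeLocations", [])
        and "AllTrusted" in locations.get("excludeLocations", [])
    )
    if not covers_untrusted:
        return False
    # Require-password-change is only valid with a user risk condition.
    if not conditions.get("userRiskLevels"):
        return False
    grant = policy.get("grantControls", {})
    controls = set(grant.get("builtInControls", []))
    # Both controls must be required together (AND), not either one (OR).
    return grant.get("operator") == "AND" and {MFA, PASSWORD_CHANGE} <= controls


def meets_goal(tenant_config: dict) -> bool:
    """Does any policy in the tenant configuration satisfy the requirement?"""
    policies = tenant_config.get("conditionalAccessPolicies", [])
    return any(policy_forces_password_change(p) for p in policies)


if __name__ == "__main__":
    print("PIM only:", meets_goal(pim_only_configuration()))  # False
    ca_tenant = {"conditionalAccessPolicies": [build_password_change_policy()]}
    print("Conditional Access policy:", meets_goal(ca_tenant))  # True
```

The validator deliberately rejects a policy that lists the two controls under OR, or that lists only MFA: either variant would let a user satisfy the policy without ever changing the password, which is the failure mode the question is probing.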