Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
Your company has an Azure Active Directory (Azure AD) environment.
Users occasionally connect to Azure AD via the Internet.
You need to ensure that users who connect to Azure AD via the Internet using an unidentified IP address are automatically instructed to change their passwords.
Solution: You configure the use of Azure AD Privileged Identity Management.
Does the solution meet the goal?
A. Yes
B. No
Correct answer: B
Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
The solution proposed in the question, which is to configure the use of Azure AD Privileged Identity Management, does not meet the stated goal of automatically instructing users who connect to Azure AD via the internet using an unidentified IP address to change their passwords. Therefore, the correct answer is B. No.
Azure AD Privileged Identity Management is a service that allows you to manage, control, and monitor access to resources within Azure AD. It is primarily used for managing privileged identities, such as administrators, in your Azure AD environment. It does not, however, provide the functionality to automatically instruct users to change their passwords based on the identification of their IP address.
To achieve the stated goal, you could use Azure AD Conditional Access policies. Azure AD Conditional Access allows you to create policies that evaluate conditions, such as the location of the user or the device they are using, and take actions, such as requiring the user to change their password or denying access to the application. You could create a Conditional Access policy that requires users to change their passwords if they connect to Azure AD via the internet using an unidentified IP address.
To create this policy, you would first need to create a named location for your company's office network(s) using the IP address range(s) used by those networks. You would then create a Conditional Access policy that requires users to change their passwords if they are connecting to Azure AD from outside of the named location, and have not already changed their password within a specified time period.
In summary, while Azure AD Privileged Identity Management is a useful service for managing privileged access within your Azure AD environment, it does not provide the necessary functionality to meet the stated goal of automatically instructing users who connect to Azure AD via the internet using an unidentified IP address to change their passwords. Azure AD Conditional Access, on the other hand, does provide this functionality and could be used to achieve the stated goal.