Enforcing Password Resets for Potentially Compromised User Accounts in Microsoft 365

Enforcing Password Resets

Question

You have a Microsoft 365 subscription and Microsoft 365 E5 licenses assigned to your users.

You need to force users with potentially compromised user accounts to reset their passwords.

What should you configure?

Answers

Explanations


A. B. C. D.

Correct Answer: A

You should create a User risk policy in Azure Identity Protection.

A user risk policy detects potential risks associated with the user account and blocks the user or enforces a password change if the associated risk is above the configured user risk level (low, medium or high):

[Screenshot: Home > Identity Protection > User risk policy. Policy name: User risk remediation policy. Assignments: Users: All users; User risk: Medium and above. Controls: Access: Require password change.]

Option B is incorrect.

This will disable legacy authentication attempts to your tenant.

Option C is incorrect.

This will enable your users to reset their own password in Azure (or even in local AD if password writeback is enabled and licensing requirements are met).

Option D is incorrect.

Sign-in risk policies affect the risk associated with the sign-in, not the user account itself.

Therefore this is not the correct answer.

To know more about User risk policies, please refer to the link below:
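The policy shown in the screenshot above can also be created from PowerShell. The following is an added example, not code from the original page or from Microsoft: it uses the Microsoft Graph PowerShell SDK to create the same user risk remediation policy as a Conditional Access policy (Microsoft Entra ID Protection, formerly Azure AD Identity Protection, now manages user risk and sign-in risk policies through Conditional Access, and requires the Entra ID P2 licence included in Microsoft 365 E5). Assumptions: the Microsoft.Graph module is installed, the signed-in account holds the Conditional Access Administrator role, and the break-glass account object ID is a placeholder you must replace.

```powershell
# Added example (not from the original page): create the "User risk remediation policy"
# from the screenshot as a Conditional Access policy via Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph SDK installed; caller has Conditional Access Administrator;
# $breakGlassId is a hypothetical placeholder for your emergency-access account.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","IdentityRiskyUser.Read.All"

$breakGlassId = "<object-id-of-break-glass-account>"   # placeholder: never let a risk policy lock this account out

$policy = @{
    displayName = "User risk remediation policy"          # name taken from the screenshot
    state       = "enabledForReportingButNotEnforced"     # start in report-only; change to "enabled" once reviewed
    conditions  = @{
        # userRiskLevels is the account-level signal (leaked credentials, anomalous user activity).
        # A sign-in risk policy would use signInRiskLevels instead: that scores a single
        # authentication event and does not remediate the user's own risk state.
        userRiskLevels = @("medium","high")                # "Medium and above"
        applications   = @{ includeApplications = @("All") }
        users          = @{
            includeUsers = @("All")                         # "All users"
            excludeUsers = @($breakGlassId)
        }
    }
    grantControls = @{
        operator        = "AND"
        # "Require password change" must be paired with MFA, otherwise whoever holds the
        # leaked password could simply set the new one.
        builtInControls = @("mfa","passwordChange")
    }
    sessionControls = @{
        # Sign-in frequency "every time" is required with passwordChange so the remediation
        # is evaluated on the next sign-in rather than reusing an existing session.
        signInFrequency = @{
            isEnabled          = $true
            frequencyInterval  = "everyTime"
            authenticationType = "primaryAndSecondaryAuthentication"
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) (state: $($created.State))"

# Check who the policy would hit right now: users currently at risk at medium or high.
Get-MgRiskyUser -Filter "riskState eq 'atRisk'" |
    Where-Object { $_.RiskLevel -in @("medium","high") } |
    Select-Object UserPrincipalName, RiskLevel, RiskState, RiskLastUpdatedDateTime |
    Format-Table -AutoSize
```

Run it once in report-only mode, review the Risky users report and the policy's report-only sign-in log entries, then flip `state` to `enabled`. Keep the break-glass exclusion: a user risk policy that can force a password change (or block) on an account with no other admin path is the classic way to lock yourself out of the tenant.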

The correct answer is D. Identity Protection - Sign-in risk policy.

Explanation:

In Microsoft 365, Identity Protection is a security service that can help administrators to detect and prevent potential identity-based risks. The service uses advanced analytics and machine learning to identify suspicious sign-in activities and assess the risk level of each user's account.

One of the features of Identity Protection is Sign-in risk policy. This policy allows administrators to set up rules that define the level of risk associated with each sign-in attempt. For example, a sign-in attempt from a new location or device may be considered high risk, while a sign-in attempt from a known device or location may be considered low risk.

When a sign-in attempt is flagged as high risk, the user can be required to reset their password before they can access their account. This can help prevent unauthorized access to sensitive information, even if an attacker has obtained a user's credentials.

Therefore, to force users with potentially compromised accounts to reset their passwords, you should configure Identity Protection - Sign-in risk policy. This will help you detect and block suspicious sign-in attempts and prompt users to reset their passwords if necessary.