Securing Microsoft 365 with Multi-Factor Authentication - Exam SC-300 Solution

Block Users Automatically for Unauthorized MFA Requests

Question

Note: This question is part of a series of questions that present the same scenario.

Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it.

As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not initiate.

Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication (MFA).

Does this meet the goal?

Answers


A. Yes

B. No

B.

You need to configure the fraud alert settings.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

The solution mentioned in the scenario will not meet the stated goal of automatically blocking users who report an MFA request that they did not initiate.

The Account lockout settings for MFA in the Azure portal are used to configure the number of sign-in attempts a user can make before being locked out of their account. These settings are not related to blocking users automatically when they report an MFA request that they did not initiate.

To achieve the stated goal, Conditional Access policies in the Azure portal can be used. These policies can be configured to block access to Microsoft 365 services for users who report an MFA request that they did not initiate. This can be done by configuring a policy that checks for the presence of a sign-in risk event and a user risk event. If both events are detected, it indicates that the user may be compromised, and the policy can be configured to block access for that user.

Therefore, the correct answer is B. No, the solution mentioned in the scenario does not meet the stated goal of automatically blocking users who report an MFA request that they did not initiate.
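To check whether fraud reports actually lead to a block, the tenant's audit log can be reviewed for the two fraud-report activities. The following is an added example, not part of the original question or Microsoft's documentation; the sample records are constructed, and it assumes an audit export shaped like Microsoft Graph `directoryAudit` entries with the reporting user listed under `targetResources`.

```python
from collections import defaultdict

# Audit-log activity names written when a user reports an MFA prompt as fraud.
BLOCKED = "Fraud reported - user is blocked for MFA"
NO_ACTION = "Fraud reported - no action taken"

# Constructed sample records (not real tenant data), shaped like Microsoft Graph
# directoryAudit entries. Assumption: the reporting user is in targetResources.
SAMPLE_AUDIT = [
    {"activityDateTime": "2024-01-10T08:15:00Z", "activityDisplayName": BLOCKED,
     "targetResources": [{"userPrincipalName": "Alice@contoso.example"}]},
    {"activityDateTime": "2024-01-10T09:02:00Z", "activityDisplayName": NO_ACTION,
     "targetResources": [{"userPrincipalName": "bob@contoso.example"}]},
    {"activityDateTime": "2024-01-10T09:30:00Z", "activityDisplayName": "Update user",
     "targetResources": [{"userPrincipalName": "carol@contoso.example"}]},
    {"activityDateTime": "2024-01-11T07:45:00Z", "activityDisplayName": NO_ACTION,
     "targetResources": [{"userPrincipalName": "bob@contoso.example"}]},
    {"activityDateTime": "2024-01-11T10:00:00Z", "activityDisplayName": NO_ACTION,
     "targetResources": None},  # malformed record: no target user
]


def summarize_fraud_reports(records):
    """Count fraud reports per user, split by whether the user was blocked."""
    summary = defaultdict(lambda: {"blocked": 0, "no_action": 0})
    for rec in records:
        activity = rec.get("activityDisplayName")
        if activity not in (BLOCKED, NO_ACTION):
            continue  # unrelated audit activity
        key = "blocked" if activity == BLOCKED else "no_action"
        for target in rec.get("targetResources") or []:
            upn = (target.get("userPrincipalName") or "").lower()
            if upn:
                summary[upn][key] += 1
    return dict(summary)


def unblocked_reporters(records):
    """Users who reported fraud but were never blocked: the goal is not met for them."""
    counts = summarize_fraud_reports(records)
    return sorted(u for u, c in counts.items() if c["no_action"] and not c["blocked"])


if __name__ == "__main__":
    for upn in unblocked_reporters(SAMPLE_AUDIT):
        print(f"{upn}: fraud reported, account not blocked")
```

Any user returned by `unblocked_reporters` reported an unexpected prompt while the tenant took no action, which indicates the fraud alert setting is not configured to block reporting users automatically.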