Exam MS-102 topic 1 question 89 discussion

B. a trusted location By configuring a trusted location, you can exempt the VDI solution from the risk policy's scrutiny. This way, users accessing Microsoft 365 through the VDI solution won't trigger the risk policy and won't be regularly blocked when using it.

Right answer is B

By defining the VDI’s IP range as a trusted location, you can reduce the likelihood of sign-in attempts being flagged as high-risk.

When users are regularly blocked from accessing Microsoft 365 services while using a corporate Virtual Desktop Infrastructure (VDI) solution, it’s likely due to the sign-in risk policy detecting something unusual about the sign-ins from the VDI environment. To address this issue without compromising security, you should configure a trusted location. By setting up a trusted location in Azure AD, you can define a named location that is considered safe. Sign-ins from this location are less likely to be marked as risky, which can help prevent legitimate users from being blocked when accessing Microsoft 365 services from the VDI solution. So, the correct answer is: B. a trusted location. This will allow users to access Microsoft 365 without being impeded by the sign-in risk policy when they are signing in from the VDI environment, which is considered a secure and controlled access point.

Chat GPT response In this scenario, users are regularly being blocked when attempting to access Microsoft 365 via the corporate Virtual Desktop Infrastructure (VDI) solution after enabling a sign-in risk policy in Azure AD Identity Protection. To address this issue, you should consider configuring: C. a Conditional Access policy exclusion

B is correct

CORRECT ANSWER SHOULD BE C

Answer B. Configured trusted network locations are used by Identity Protection in some risk detections to reduce false positives. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies