Exam MS-900 topic 1 question 417 discussion

Provided answers are correct: Named location can be used to block access from countries/regions where the organization knows traffic shouldn’t come from. This can help to prevent unauthorized access to resources and reduce the risk of data breaches. User risk can be used to detect and respond to risky sign-in behavior. This can include sign-ins from unfamiliar locations or devices, sign-ins from anonymous IP addresses, or sign-ins from infected devices. By detecting and responding to risky sign-in behavior, organizations can help to prevent unauthorized access to resources and protect sensitive data

he company should use the following two conditional access signals: User or Group Membership: Policies can be targeted to specific users and groups, giving administrators fine-grained control over access1. In this case, the company can target the policies to the employees who are traveling out of the country/region1. IP Location Information: Organizations can create trusted IP address ranges that can be used when making policy decisions1. Administrators can specify entire countries/regions IP ranges to block or allow traffic from1. In this scenario, the company can set up policies to protect employee devices when they are out of the country/region1. These signals, combined with the requirement for employees to use a corporate computer and the Microsoft Authenticator app, will help ensure that the company’s data remains secure even when employees are traveling1.