Exam AZ-900 topic 1 question 29 discussion

If you were going thru the MS online learning like me - it talks about Conditional Access but not Identity Protection. Good to know that Conditional Access is a subset of, or a sister tool to Identity Protection.

Risk detection and remediation Identity Protection identifies risks of many types, including: Anonymous IP address use Atypical travel Malware linked IP address Unfamiliar sign-in properties Leaked credentials Password spray

Azure AD Identity Protection can automatically encourage users to change passwords when logging in from an unidentified IP, this solution meets the goal.

Yes, the solution meets the goal. Azure AD Identity Protection provides the necessary tools and policies to detect and respond to suspicious activities, such as sign-ins from unidentified IP addresses. By configuring Azure AD Identity Protection, you can set up risk-based policies that prompt users to change their passwords when a sign-in is detected from an unfamiliar or risky IP address.

Azure AD Identity Protection to detect and respond to unexpected user behaviour in Azure Active Directory.

answer is "Entra ID Protection" Please read https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection#detect-risks NOTE: Microsoft renamed Azure Active Directory (Azure AD) to Microsoft Entra ID to communicate the multicloud, multiplatform functionality of the products, alleviate confusion with Windows Server Active Directory, and unify the Microsoft Entra product family. Microsoft Entra ID is the new name for Azure AD. The names Azure Active Directory, Azure AD, and AAD are replaced with Microsoft Entra ID. https://learn.microsoft.com/en-us/entra/fundamentals/new-name

One might think that Conditional Access can also be right choice. Because you can create a Conditional Access policy that triggers a password change requirement based on the risk level of the sign-in attempt. In this specific scenario, Azure AD Identity Protection is highly relevant because it is designed to automatically detect and respond to risky sign-ins, which aligns directly with the requirement.

Azure AD is now Entra ID

A

A. Yes Azure AD Identity Protection is a comprehensive solution that helps you protect your organization's identities and detect and respond to potential identity-related risks. One of its features is the ability to configure risk-based policies. In this case, you can set up a risk-based policy that triggers a password change prompt for users when they connect to Azure AD via the internet from an unidentified IP address. This helps enhance security by encouraging users to change their passwords in case of suspicious activity. So, the solution of configuring Azure AD Identity Protection meets the goal of encouraging users to change passwords under specific risk conditions.

Yes, Correct answer is Azure AD Identity Protection. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/

yes, this the type of the protection

Azure AD Identity Protection is a range of possible measures that you can take to protect your system based on some "conditions" that you can configure Conditional Access is part of Azure AD Identity Protection. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies

Yes as Identity Protection is a sub setting of Conditional access. I originally wanted to say NO but after viewing the linked article it is clear that A:YES is the correct answer here.

A. Yes - Azure AD Identity Protection is the best solution because it can detect and identify risk, where Conditional Access controls access to Azure AD applications.

https://docs.microsoft.com/zh-tw/azure/active-directory/identity-protection/concept-identity-protection-policies

I think the correct answer is "B". "Conditional Access" grant ("Require Password Change") is the correct solution for me. Cfr. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant