You need to recommend a solution for the security administrator. The solution must meet the technical requirements. What should you include in the recommendation?
A.
Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
B.
Microsoft Azure Active Directory (Azure AD) Identity Protection
C.
Microsoft Azure Active Directory (Azure AD) conditional access policies
D.
Microsoft Azure Active Directory (Azure AD) authentication methods
Requirement: high sign-in risk -> MFA. This is clearly an Identity Protection policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
I should be B and yet the RISK based conditions are not available in Conditional Policy.
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies#migrate-risk-policies-from-identity-protection-to-conditional-access
Identity Protection policies
While Identity Protection also offers a user interface for creating 1) user risk policy and 2) sign-in risk policy, we highly recommend that 3) 'you use Azure AD Conditional Access to create risk-based policies for the following benefits':
Rich set of conditions to control access: Conditional Access offers a rich set of conditions such as applications and locations for configuration. The risk conditions can be used in combination with other conditions to create policies that best enforce your organizational requirements.
Multiple risk-based policies can be put in place to target different user groups or apply different access control for different risk levels.
Conditional Access policies can be created through Microsoft Graph API and can be tested first in report-only mode.
Manage all access policies in one place in Conditional Access.
Identity protection
The risk signals can trigger remediation efforts such as requiring: perform multifactor authentication, reset their password using self-service password reset, or block access until an administrator takes action.
It asks what you should include in your recommendation. Definitely you should recommend conditional access policy in order to require MFA for high sign-in risk
Yes, but conditional access policies only do the enforcement, they also require a report from which the administrator will create the necessary policies
Conditional access is under the umbrella of identity protection
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-security-overview
Conditional is great but the admin requires a report.
Identity protections provides the report and the resolve.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.MS-101 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Bouncy
Highly Voted 3 years, 1 month agoschaedlerson
2 years, 11 months agojonny_sins
Most Recent 1 year, 9 months agogills
1 year, 10 months agoshaden2000
2 years, 5 months agoziziman
2 years, 7 months agolusis987
2 years, 9 months agoKemalM
2 years, 10 months agobartdxxx
2 years, 2 months agojage01
2 years, 9 months agojage01
2 years, 9 months agoDaDaDave
2 years, 7 months agoRazielLycas
2 years, 10 months agoAK_1234
5 months, 2 weeks ago