Question

In Azure AD Identity Protection, when a sign-in risk is detected, what actions can IDP take to protect a user account?

1) Notify the user of the risk and require multi-factor authentication
2) Suspend the user account temporarily while the risk is investigated
3) Block the user from signing in until the risk is resolved
4) Reset the user's password and enforce a password change

Answer 1

Azure AD Identity Protection offers various actions to protect a user account when a sign-in risk is detected. Options, 1. 2 and 3 are correct.

Step-by-step explanation:

Azure AD Identity Protection offers various actions to protect a user account when a sign-in risk is detected:

1. Notify the user of the risk and require multi-factor authentication: This helps ensure that only authorized users can access the account by requiring an additional layer of verification.
2. Suspend the user account temporarily while the risk is investigated: This prevents any further unauthorized access to the account until the risk is assessed and resolved.
3. Block the user from signing in until the risk is resolved: This measure prevents the user from accessing the account until the risk is mitigated.

Azure AD Identity Protection also provides additional features such as resetting the user's password and enforcing a password change to further protect the account.