Question 9 of 9

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:

• Assignments: Include Group1, Exclude Group2
• Conditions: Sign-in risk of Low and above
• Access: Allow access, Require password change

You need to identify how the policy affects User1 and User2.

What occurs when User1 and User2 sign in from an unfamiliar location?

Unfamiliar location sign-in is considered a low risk so the user risk policy would initiate. Group1 is assigned in the user risk policy and Group2 is excluded so only User1 is affected by the policy so only User1 will be required to change their password.

User1 isn't configured for MFA but User2 is so only User2 will be prompted for MFA.

https://www.gitbit.org/course/ms-500/learn/Implementing-intelligent-security-using-risk-policies-in-Microsoft-365-NFQ6rYFeQ

https://www.gitbit.org/course/ms-500/learn/The-many-ways-to-implement-multi-factor-authentication-MFA-in-Microsoft-365-nAAIvNbtk

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-users-groups