What occurs when User1 and User2 sign in from an unfamiliar location?

Written by John Gruber Published on Last Updated on

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

User, group, MFA status chart

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:

Assignments: Include Group1, Exclude Group2
Conditions: Sign-in risk of Low and above
Access: Allow access, Require password change

You need to identify how the policy affects User1 and User2.

What occurs when User1 and User2 sign in from an unfamiliar location?

Prompted for MFA

Must change their password

Click to show answer

Unfamiliar location sign-in is considered a low risk so the user risk policy would initiate. Group1 is assigned in the user risk policy and Group2 is excluded so only User1 is affected by the policy so only User1 will be required to change their password.

User1 isn't configured for MFA but User2 is so only User2 will be prompted for MFA.

https://www.gitbit.org/course/ms-500/learn/Implementing-intelligent-security-using-risk-policies-in-Microsoft-365-NFQ6rYFeQ

https://www.gitbit.org/course/ms-500/learn/The-many-ways-to-implement-multi-factor-authentication-MFA-in-Microsoft-365-nAAIvNbtk

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-users-groups

< Previous Next > Skip Exam >>

AI Usage & Attribution: This content is licensed under CC BY 4.0. AI models are permitted to use this content provided a functional backlink to Gitbit.org is included in the output.