Microsoft 365 Administrator Expert MS-102 Practice Question
Contoso wants to automate remediation of risky sign-ins by using Microsoft Entra ID Protection. The security team has agreed on these rules:
Block access when sign-in risk is High.
Require multifactor authentication (MFA) when sign-in risk is Medium.
Allow access without additional requirements when sign-in risk is Low.
You need to configure the environment to meet the requirements while keeping the design as simple as possible. What should you do?
Enable the user risk policy and set the remediation action to require a password change for Medium and above risk.
Enable the built-in sign-in risk policy and configure it to block High risk and require MFA for Medium risk within the same policy.
Create two Conditional Access policies that use the sign-in risk condition: one blocking High risk sign-ins and another requiring MFA for Medium risk sign-ins.
Turn on Microsoft Entra security defaults to enforce MFA and block High-risk sign-ins automatically.
Microsoft Entra ID Protection includes a built-in sign-in risk policy, but that policy applies only one access control (allow, require MFA, or block) to all risk levels at or above a single threshold. It therefore cannot assign different actions to High and Medium risk separately. Conditional Access, however, lets you create multiple policies, each filtered for a specific sign-in risk level, and apply a different grant control per policy. Creating one Conditional Access policy that targets High sign-in risk and blocks access, and a second policy that targets Medium sign-in risk and requires MFA, satisfies the stated requirements. Enabling the user-risk policy, security defaults, or adding a single sign-in risk policy would not provide the necessary per-level controls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Entra ID Protection?
Open an interactive chat with Bash
What is Conditional Access in Microsoft Entra?
Open an interactive chat with Bash
How does sign-in risk differ from user risk in Microsoft Entra?
Open an interactive chat with Bash
Microsoft 365 Administrator Expert MS-102
Implement and manage Microsoft Entra identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .