Microsoft 365 Administrator Expert MS-102 Practice Question
Your company has a Microsoft Entra ID P2 license and enables Microsoft Entra ID Protection for all users. Security administrators decide that if a user's risk reaches the high level, the account must be taken out of service until the user's credentials are reset by the help-desk. The solution must require no manual review by administrators and must not rely on multifactor authentication.
Which configuration meets these requirements?
Create a User risk policy that targets all users except emergency access accounts and sets the Access control to Block access when risk level is High.
Enable the Conditional Access policy template "Require authentication strength for sensitive actions" and set the strength to Password + SMS.
Create a Sign-in risk policy that prompts for multifactor authentication when sign-in risk is High and adds the help-desk group as a privileged authentication administrator.
Define all corporate public IP ranges as trusted named locations and configure Entra ID Protection to sign users out if they attempt to authenticate from an untrusted location.
To take an account out of service automatically when Microsoft Entra ID Protection calculates a high user risk, you configure a User risk policy with the assignment scope set to All users (excluding break-glass accounts) and the Access control set to Block access.
A User risk policy evaluates the probability that an identity has been compromised and can enforce controls at sign-in or on continuous evaluation. Setting the policy to Block access immediately denies authentication attempts for users whose risk is high, without prompting for MFA or requiring any administrator intervention.
A Sign-in risk policy cannot achieve the goal because it assesses individual sessions and cannot prevent all sign-ins until the password is reset. Conditional Access templates or named locations do not reference the user risk signal directly, so they also cannot satisfy the requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Entra ID Protection?
Open an interactive chat with Bash
How does a User Risk Policy differ from a Sign-in Risk Policy?
Open an interactive chat with Bash
What are emergency access accounts in Microsoft Entra ID?
Open an interactive chat with Bash
Microsoft 365 Administrator Expert MS-102
Implement and manage Microsoft Entra identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .