You plan to enable Azure Active Directory (AD) Identity Protection for your company. The configuration must include the following:
* A role that allows full access to Identity Protection but without resetting passwords for users
* A policy that will analyze user sign-in and learn typical user behavior
Which role and policy will meet these requirements? Choose all that apply:
You should recommend the Security administrator role. This role provides full access to Identity Protection but cannot reset user passwords.
You should not recommend the Global administrator role. This role has a full access to Identity Protection but can reset user passwords.
You should not recommend the Security reader role. This role has read-only access to Identity Protection and cannot configure policies or reset passwords.
You should recommend a user risk policy. With this type of policy, Azure AD analyzes each user's sign-in so it can detect suspicious actions (risk events) related to the sign-in. After a particular learning period, the system can learn typical user behavior.
You should not recommend an MFA registration policy. This type of policy provides a second layer of security to user sign-ins and transactions, but it does not analyze user sign-ins and learn typical user behavior.
You should not recommend a sign-in policy. This type of policy is used to define a response for a specific sign-in risk level. It does not analyze user sign-in or learn typical user behavior.