Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: Implement Azure AD Identity Protection for Group1.
Does this solution meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
Implement Azure AD Privileged Identity Management for everyone.
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configureThe given scenario involves the need to ensure that all login attempts to the Azure portal from certain countries require Azure Multi-Factor Authentication (MFA). To meet this requirement, the solution proposes implementing Azure AD Identity Protection for Group1.
Azure AD Identity Protection is a cloud-based service that helps to detect, investigate, and prevent identity-related risks. It provides capabilities such as risk-based Conditional Access policies and MFA enforcement based on user risk level.
Enabling Azure AD Identity Protection for Group1 can help to achieve the required goal of enforcing MFA for login attempts from specific countries. The policy can be configured to trigger MFA challenges based on specific risk factors such as sign-in location, IP address, and other user behavioral patterns. Since Group1 contains all administrative user accounts, the policy would apply to all administrative users.
Therefore, the proposed solution meets the stated goal of requiring MFA for login attempts to the Azure portal from certain countries. Hence, the answer is A. Yes.