Temporary Account Blocking in Microsoft Authenticator | Azure AD Configuration

Temporary Account Blocking in Microsoft Authenticator

Question

You are the IT administrator of an organization with a Microsoft 365 subscription.

One of your users is reporting that she has been receiving several unknown and suspicious MFA prompts lately.

You wish to educate and enable your users to temporarily block their account from their Microsoft Authenticator app when they suspect the MFA prompt not to be valid.

From Azure Active Directory, what should you configure?

Answers


A. Named locations
B. Fraud Alerts
C. Conditional Access
D. Account lockout

Correct Answer: B

When enabled, Fraud Alerts allows your users to report fraud if they receive a two-step verification request that they didn't initiate.

This can be done either through the Microsoft Authenticator app or through their phone.

Fraud Alerts is enabled in Azure Active Directory - Security - MFA - Fraud Alerts.

[Screenshot: Multi-Factor Authentication | Fraud alert. "Allow your users to report fraud if they receive a two-step verification request that they didn't initiate." Settings shown: Allow users to submit fraud alerts; Automatically block users who report fraud; Code to report fraud during initial greeting.]

[Screenshot: Multi-Factor Authentication | Account lockout. "Temporarily lock accounts in the multi-factor authentication service if there are too many denied authentication attempts in a row. This feature only applies to users who enter a PIN to authenticate." Settings shown: Number of MFA denials to trigger account lockout (3); Minutes until account lockout counter is reset (5); Minutes until account is automatically unblocked (30).]


The correct answer for this scenario would be (C) Conditional Access.

Conditional Access is a feature in Azure Active Directory (Azure AD) that allows an organization to control access to resources based on specific conditions. One of the conditions that can be configured is the location from which the user is accessing the resource. This feature can be used to set policies that allow or block access to resources based on the user's location, device, and other conditions.

In this scenario, the user is reporting receiving unknown and suspicious MFA prompts. This indicates that the user's account may have been compromised, and unauthorized access is being attempted. To address this issue, the organization can configure Conditional Access policies to temporarily block the user's account from their Microsoft Authenticator app when they suspect the MFA prompt not to be valid. This can be achieved by creating a policy that requires additional authentication steps or blocks access when the user is accessing the resource from an unfamiliar location or device.

Option (A) Named locations is not the correct answer because named locations are used to create policies based on trusted IP addresses, which would not be applicable in this scenario.

Option (B) Fraud Alerts is not the correct answer because it is a feature in Microsoft 365 that is used to detect and respond to suspicious activities, but it is not directly related to MFA prompts.

Option (D) Account lockout is not the correct answer because it is a security feature that automatically locks out an account after a certain number of failed login attempts. While it can be useful in preventing unauthorized access, it does not address the specific issue of suspicious MFA prompts.