Home » Microsoft » MS-500 v.2 » Which of the actions below will be performed on User2’s account?
NOTE: This question-is a part of a series of questions that present the same scenario. For each of the following statements, select the best response(s) to the question-or statement below. Each answer is worth one point.
After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have user accounts configured as in the exhibit. You’ve configured an Azure AD Identity Protection risk policy as in the second exhibit. Azure AD Identity Protection determines that all instances in this case represents a high risk.
Which of the actions below will be performed on User2’s account?
A. User account will be blocked
B. User account will be allowed access
C. User account will be required to change password
D. User account will be prompted for MFA
Correct Answer: B
Explanation/Reference:
We’re dealing with a user risk policy because the policy states password reset to be triggered. Sign-in risk policies can trigger MFA.
With sign-in risk, user risk and conditional access policies, exclusions take precedence over inclusions.
If a password reset is triggered by the user risk policy and the user is not registered for SSPR, the account is simply blocked (disabled). A call to the helpdesk/administrator is required to enable the account.
Sign-in risk, user risk and conditional access policies can all be applied to Azure AD B2B guest accounts, however, if a password reset is triggered, the account is blocked (disabled) regardless of SSPR registration in the guest user’s home tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies