Microsoft 365 Security Administration — Question 43

You have a hybrid Azure Active Directory (Azure AD) tenant that has pass-through authentication enabled.

You plan to implement Azure AD Identity Protection and enable the user risk policy.

You need to configure the environment to support the user risk policy.

What should you do first?

Answer options

• A. Enable the sign-in risk policy.
• B. Enforce the multi-factor authentication (MFA) registration policy.
• C. Configure a conditional access policy.
• D. Enable password hash synchronization.

Correct answer: D

Explanation

The correct answer is D because enabling password hash synchronization is a prerequisite for implementing user risk policies in Azure AD Identity Protection. The other options, while important for security, do not directly set up the necessary environment for the user risk policy.