Microsoft Identity and Access Administrator — Question 29

You create a new Microsoft 365 E5 tenant.

You need to ensure that when users connect to the Microsoft 365 portal from an anonymous IP address, they are prompted to use multi-factor authentication (MFA).

What should you configure?

Answer options

• A. a sign-in risk policy
• B. a user risk policy
• C. an MFA registration policy

Correct answer: A

Explanation

The correct answer is A, as a sign-in risk policy is specifically designed to evaluate the risk level of a login attempt and can enforce MFA based on factors like the IP address. Option B, a user risk policy, focuses on the user's risk level rather than the sign-in attempt itself, while option C, an MFA registration policy, is about registering for MFA rather than enforcing it during sign-ins.