Exam SC-200 topic 5 question 1 discussion

C is the correct answer. - Microsoft Entra ID Protection calculcates the risk. - A conditional Access policy enforces the access controls and blocks the user based on the calculated risk. ID Protection analyzes signals about user accounts and calculates a risk score based on the probability that the user is compromised. If a user has risky sign-in behavior, or their credentials leak, ID Protection uses these signals to calculate the user risk level. Administrators can configure user risk-based Conditional Access policies to enforce access controls based on user risk, including requirements such as: - Block access See: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies#user-risk-based-conditional-access-policy

Conditional Access policies in Microsoft Entra (formerly Azure AD) allow administrators to enforce specific conditions for access to resources, including revoking session tokens when certain conditions are met. For example, you can configure a Conditional Access policy to require re-authentication or revoke tokens if a user is flagged as compromised or if suspicious activity is detected. Security defaults and Microsoft Entra ID Protection can help secure user identities but do not provide direct control over session token revocation. Microsoft Entra Verified ID is unrelated to token revocation as it deals with decentralized identity verification. https://learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes?utm_source=perplexity

A Conditional Access policy in Microsoft Entra Conditional Access policies are powerful tools within Microsoft Entra (Azure AD) that allow you to control access based on conditions such as user risk, device state, and more. You can configure policies to block access, require MFA, or force re-authentication under certain conditions. This approach can be used to revoke or invalidate existing session tokens if a specific condition, such as a high-risk sign-in, is detected. This matches the requirement of revoking session tokens in case of a compromised account.