The answer is D, Azure Identity Protection, which allows for the configuration of a Sign-in Risk Policy. If Conditional Access was blocking the sign-in, you would not receive that error message.

I believe conditional access is the correct answer Requiring multi-factor authentication for users with administrative roles Requiring multi-factor authentication for Azure management tasks Blocking sign-ins for users attempting to use legacy authentication protocols Requiring trusted locations for Azure Multi-Factor Authentication registration Blocking or granting access from specific locations Blocking risky sign-in behaviors Requiring organization-managed devices for specific applications

no doubt guys, base requirement: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies: *Block access *Allow access *Require multifactor authentication

Conditional Access is the correct answer, C.

Both can be argued as valid. The answer "C. Microsoft Azure Active Directory (Azure AD) conditional access policies" is better than "D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies" because it specifically mentions "something unusual about this sign-in" which suggests that the issue is related to sign-in activity and authentication. Azure AD conditional access policies can be used to define policies that control how and when users can access resources, including sign-in policies. These policies can be configured to block access if certain conditions are not met, such as sign-ins from unknown locations or devices, which could trigger the message described in the question. Azure AD Identity Protection policies, on the other hand, focus more on detecting and responding to identity-based threats, such as password spray attacks or brute-force attacks, and may not be directly related to the sign-in issue described in the question.

Tried with ChatGPT, at first it told me the option C is correct. However, i told it i thought D is the correct answer and here what it answered me: “I apologize for the confusion. The correct answer is D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies. When a user sees the message "Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin.", it is likely due to a risk detected by Azure AD Identity Protection policies. Azure AD Identity Protection policies can block access to applications if the user's risk level is too high. This can be caused by factors such as a high number of failed sign-in attempts, sign-in attempts from a suspicious location or device, or evidence of malware on the user's device. Therefore, the correct answer to the question is D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies.” It os funny.

I see where people are getting confused it is not the location you want to confirm which would make the answer C it is the identity which needs confirmation

While Identity Protection also offers a user interface for creating user risk policy and sign-in risk policy, we highly recommend that you use Azure AD Conditional Access to create risk-based policies https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies#identity-protection-policies

The answer here can only be C - as there's no such things as an Identity Protection Policy: Identity Protection is the service that gathers threat signals that are then used by other MS services, such as Conditional Access evaluations. Or, in MS's own words: "The signals generated by and fed to Identity Protection, can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation." https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

"D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies" is the correct answer Reference: https://www.examtopics.com/discussions/microsoft/view/11784-exam-ms-101-topic-1-question-26-discussion/

Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access.

Can be either Identity Protection set to Block Access or using the Risk Policies in Conditional Access. Hopefully in the exam the question will have more information about which feature was configured or let you choose multiple options.

It would be conditional access only. Identity protection does provide the signal but doesn't block itself. In absence of no conditional access policy, it can be used for reporting purposes only as well. Ca only blocks

Identity protection policies is based in Conditional Access for configuration - however they form a different service. I hope MS is consistent to its engineering https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies

D isthe answer. Conditional Access policy notifies the user with "Your sign-in was successful but does not meet the criteria to access this resource..."

I believe this is AzureAD Identity Protection related since it is not referencing any conditional access policy which would be preventing access e.g. preventing access from certain IP addresses or countries

It's defo C, take time to actually read the link - https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview I have these policies in my tenant, with location conditions in place.