I would have to disagree with the comments in here.
As I see it, the 3rd question is a tricky trap. When we evaluate a sign-in risk, the risk level is calculated for the sign-in action itself (for example, someone other than the actual user is trying to log in), not the user risk (for example, the account of the user is compromised).
Hence my answer would be NYN.
To make it even more clear, MFA is invoked in the Sign-in Risk feature of Identity Protection, not the User Risk one. The latter invokes Password Change.
Hence the tricky trap.
It is still true because even with user risk, an admin can configure to require multifactor authentication (and password change). The answer is therefore Y.
Read the part under User Risk Policy in Conditional Access:
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies
NYY is the answer.
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#nonpremium-user-risk-detections
- Leaked credentials
This risk detection type indicates that the user's valid credentials have been leaked. When cybercriminals compromise valid passwords of legitimate users, they often share those credentials. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they're checked against Azure AD users' current valid credentials to find valid matches.
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies#sign-in-risk-based-conditional-access-policy
During each sign-in, Identity Protection analyzes hundreds of signals in real-time and calculates a sign-in risk level that represents the probability that the given authentication request isn't authorized. This risk level then gets sent to Conditional Access, where the organization's configured policies are evaluated. Administrators can configure sign-in risk-based Conditional Access policies to enforce access controls based on sign-in risk, including requirements such as:
- Block access
- Allow access
- Require multifactor authentication
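
The distinction argued over in this thread can be checked on a tenant's own policies. The following is an added example, not part of any comment or of Microsoft's documentation: it reads Conditional Access policies in the shape of the Microsoft Graph conditionalAccessPolicy resource and reports which grant controls are actually enforced for each risk type. The policy names and values are constructed.

```python
import json

# Constructed sample export; display names and risk levels are illustrative only.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Risky sign-ins: require MFA", "state": "enabled",
   "conditions": {"signInRiskLevels": ["medium", "high"], "userRiskLevels": []},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Risky users: MFA and password change", "state": "enabled",
   "conditions": {"signInRiskLevels": [], "userRiskLevels": ["high"]},
   "grantControls": {"operator": "AND",
                     "builtInControls": ["mfa", "passwordChange"]}},
  {"displayName": "Risky users: block (pilot)",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"signInRiskLevels": [], "userRiskLevels": ["high"]},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]
""")


def classify(policy):
    """Summarise which risk condition a policy keys on and what it requires."""
    cond = policy.get("conditions") or {}
    grant = policy.get("grantControls") or {}
    risk_types = []
    if cond.get("signInRiskLevels"):
        risk_types.append("sign-in risk")
    if cond.get("userRiskLevels"):
        risk_types.append("user risk")
    return {
        "name": policy.get("displayName"),
        # Report-only and disabled policies do not enforce their controls.
        "enforced": policy.get("state") == "enabled",
        "risk_types": risk_types,
        "controls": sorted(grant.get("builtInControls") or []),
    }


def enforced_controls(policies, risk_type):
    """Union of grant controls across enforced policies keyed on risk_type."""
    controls = set()
    for p in map(classify, policies):
        if p["enforced"] and risk_type in p["risk_types"]:
            controls.update(p["controls"])
    return sorted(controls)


if __name__ == "__main__":
    for risk_type in ("sign-in risk", "user risk"):
        print(risk_type, "->", enforced_controls(SAMPLE_EXPORT, risk_type))
```
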
PinkUnicorns, Highly Voted, 1 year, 11 months ago
LegendaryZA, Most Recent, 1 month, 3 weeks ago
chiliman, 6 months, 3 weeks ago
dawnbringer69, 1 year, 6 months ago
dawnbringer69, 1 year, 6 months ago
Mehe323, 1 year, 4 months ago
zellck, 1 year, 7 months ago
zellck, 1 year, 7 months ago
XtraWest, 1 year, 7 months ago
obaali1990, 1 year, 9 months ago
ETU69, 1 year, 11 months ago