🔥 3-day streak
Microsoft 365 Administrator92 / 119
Question 92 of 119

Your organization uses Microsoft Entra ID P2. The security team wants users who trigger a high sign-in risk (for example, an anonymous IP address or atypical travel detection) to be forced to complete multifactor authentication before the session is allowed. If the user cannot satisfy MFA, access must be blocked. Legitimate users must not be permanently locked out. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question