A large enterprise wants to enforce zero-trust conditional access policies that use real-time user risk, sign-in risk, and device compliance. Which combination of Microsoft Entra ID features should they use?
Trap 1: Microsoft Entra ID Privileged Identity Management and Access Reviews
Incorrect. These features manage privileged roles and periodic access reviews, not real-time risk-based conditional access.
Trap 2: Microsoft Entra ID B2B and External Identities
Incorrect. These features facilitate collaboration with external users, not conditional access based on risk.
Trap 3: Microsoft Entra ID Domain Services and Managed Identities
Incorrect. Microsoft Entra ID DS provides domain services for VMs, and Managed Identities are for application credentials; neither addresses risk-based conditional access.
- A
Microsoft Entra ID Identity Protection and Conditional Access
Correct. Identity Protection detects risks like leaked credentials and unusual sign-ins, and Conditional Access uses these risks to enforce adaptive policies for a zero-trust model.
- B
Microsoft Entra ID Privileged Identity Management and Access Reviews
Why wrong: Incorrect. These features manage privileged roles and periodic access reviews, not real-time risk-based conditional access.
- C
Microsoft Entra ID B2B and External Identities
Why wrong: Incorrect. These features facilitate collaboration with external users, not conditional access based on risk.
- D
Microsoft Entra ID Domain Services and Managed Identities
Why wrong: Incorrect. Microsoft Entra ID DS provides domain services for VMs, and Managed Identities are for application credentials; neither addresses risk-based conditional access.