Which TWO of the following are capabilities of Microsoft Entra ID Protection?
Sign-in risk policy automates response to risky sign-ins.
Why this answer
Microsoft Entra ID Protection provides two risk-based policies: a sign-in risk policy (Option B) and a user risk policy (Option C). The sign-in risk policy evaluates the likelihood that an authentication request is not legitimate based on real-time signals such as anonymous IP addresses, atypical travel, or malware-linked IPs, and can automatically block or require multi-factor authentication (MFA). The user risk policy assesses the probability that a user's credentials have been compromised, based on events like leaked credentials or suspicious activity, and can force a password reset or block sign-in.
Exam trap
The trap here is that candidates often confuse the risk-based policies of Entra ID Protection (sign-in risk and user risk) with Conditional Access session controls or with other Entra ID features such as Access Reviews and RBAC. All of these are part of the broader Entra ID suite, but they serve distinct functions.