A company wants to require multi-factor authentication (MFA) for all users accessing a financial application, but only when they sign in from outside the corporate network. Which Microsoft Entra ID feature should be used?
Trap 1: Identity Protection
Identity Protection detects risks but does not directly enforce MFA based on network location; it provides risk signals for Conditional Access.
Trap 2: Privileged Identity Management (PIM)
PIM manages time-based and approval-based role activation, not MFA enforcement based on location.
Trap 3: Self-Service Password Reset (SSPR)
SSPR allows users to reset their passwords without administrator intervention; it does not enforce location-based MFA requirements.
- A
Identity Protection
Why wrong: Identity Protection detects risks but does not directly enforce MFA based on network location; it provides risk signals for Conditional Access.
- B
Conditional Access
Conditional Access allows administrators to define policies that grant or block access based on conditions such as network location, for example requiring MFA for sign-ins from outside the corporate network.
- C
Privileged Identity Management (PIM)
Why wrong: PIM manages time-based and approval-based role activation, not MFA enforcement based on location.
- D
Self-Service Password Reset (SSPR)
Why wrong: SSPR allows users to reset their passwords without administrator intervention; it does not enforce location-based MFA requirements.