Your organization needs to implement conditional access policies to secure Azure AD while minimizing user friction. What is the recommended approach?

  1. Require multi-factor authentication for all users at all times
  2. Implement risk-based conditional access that adjusts requirements based on sign-in risk assessment ✓
  3. Disable modern authentication and require VPN access
  4. Require password changes every 30 days for all users

Correct answer: Implement risk-based conditional access that adjusts requirements based on sign-in risk assessment

Option B is correct because risk-based conditional access in Azure AD (now Microsoft Entra ID) uses Microsoft's Identity Protection signals to evaluate sign-in risk in real time and applies stronger authentication requirements only when risk is elevated, balancing security with minimal friction for low-risk sessions. Option A is incorrect because requiring MFA for all users at all times significantly increases friction and can reduce productivity without proportional security benefit, especially for low-risk, trusted sign-ins. Option C is incorrect because disabling modern authentication removes security features such as MFA and token-based controls, and forcing all traffic through VPN creates a single point of failure and does not leverage cloud-native identity controls. Option D is incorrect because frequent mandatory password changes have been shown to reduce security by encouraging predictable password patterns and do not address the dynamic, risk-based nature of modern identity threats.

Topic: · conditional access, azure ad, identity protection, zero trust

Practice Microsoft Azure Solutions Architect (AZ-305) Questions Free