Unit 4: Exercise: Enable Risk Policies

User Risk Policy Configuration

Recommended approach:

• Apply to all users.
• Exclude emergency accounts.
• Require password change instead of blocking access.

Password reset restores account trust, unlike simple blocking.

Sign-in Risk Policy Configuration

Recommended approach:

• Apply to all users.
• Require MFA for medium and high risk.
• Avoid outright blocking unless necessary.