Can Azure Active Directory (Azure AD) Identity Protection add users to groups based on the users' risk level?


Study for the Microsoft SC-900 Exam. Master key concepts with targeted flashcards and multiple-choice questions, featuring hints and explanations. Get prepared and confident for success!

Azure Active Directory (Azure AD) Identity Protection does not have the capability to automatically add users to groups based on their risk level. Its primary function is to detect potential vulnerabilities affecting your organization’s identities, to investigate incidents, and to respond to detected issues by allowing you to take various actions to mitigate risks.

The tool provides insights into user risk events and enables organizations to configure risk-based conditional access policies. These policies can require additional authentication or block access for users deemed at high risk, but they do not extend to automatic group membership changes based on risk assessment.

Azure AD Identity Protection enhances security through risk detection and response, but group management requires separate policies or actions outside of what Identity Protection directly offers. Therefore, the answer is that Azure AD Identity Protection cannot add users to groups based on risk levels, which aligns with the selected response.