You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection enabled. You need to implement a sign-in risk remediation policy without blocking user access. What should you do first? 

Answer options:

A. Configure access reviews in Azure AD.B. Enforce Azure AD Password Protection.
C. Configure self-service password reset (SSPR) for all users.
D. Implement multi-factor authentication (MFA) for all users.

D

MFA and SSPR are both required.However, MFA is required first. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment