Automatically closing or resolving risk events

Under PROTECT on the left navigation of Azure AD Identity Protection, you'll notice three policy-like configurations: User risk policy, Sign-in risk policy, and MFA registration policy.

For each you will configure:

  • Which users/groups to include or exclude
  • Conditions: Sensitivity/risk level (low and above, medium and above, or high)
  • Controls/Access or what should happen if the risk level is met for the selected users
  • Review (illustrates estimated impact of the policy)

The following shows a user risk policy and each of the aforementioned configurations:

Under User risk policy you can set up a conditional statement that, based on the risk level, automatically remediates user risk issues:

If that condition is met, you can do the following:

  • Block access or allow access
  • Require password change

Sign-in risk policy works nearly the same, but, instead of requiring a password change, you can require MFA. So, for example, if a user is signing in from an unknown IP address, you could have them authenticate their login with the extra steps involved in MFA. In the following screenshot, you can see the Access configuration setting for an Azure AD Identity Protection sign-in risk policy:

The final option is MFA registration policy. This one is the simplest, as you just pick the users/groups who should have MFA enabled and who, if any, should be excluded. Risk level, or any condition, is not a factor.
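The decision logic of the three policies described above, as a simplified Python model. This is an added example, not code from the book or from Microsoft; the `RiskPolicy` class, the group names, and the rule that an exclusion wins over an inclusion are assumptions of the model.

```python
from dataclasses import dataclass, field

# Risk levels in ascending order; "medium and above" means medium or high.
LEVELS = ["none", "low", "medium", "high"]


@dataclass
class RiskPolicy:
    kind: str                  # "user_risk", "sign_in_risk" or "mfa_registration"
    include: set               # groups the policy applies to
    exclude: set = field(default_factory=set)
    threshold: str = "high"    # lowest risk level that triggers the control
    control: str = "block"     # what happens when the threshold is met

    def in_scope(self, groups):
        # Model assumption: an exclusion always wins over an inclusion.
        return bool(groups & self.include) and not (groups & self.exclude)

    def evaluate(self, groups, risk="none"):
        if not self.in_scope(groups):
            return "not_applicable"
        if self.kind == "mfa_registration":
            # Risk level is not a factor for the registration policy.
            return "require_mfa_registration"
        if LEVELS.index(risk) >= LEVELS.index(self.threshold):
            return self.control
        return "allow"


# Constructed sample configuration (group names are hypothetical).
POLICIES = [
    RiskPolicy("user_risk", {"all-users"}, {"break-glass"},
               "medium", "require_password_change"),
    RiskPolicy("sign_in_risk", {"all-users"}, {"break-glass"},
               "medium", "require_mfa"),
    RiskPolicy("mfa_registration", {"all-users"}, {"service-accounts"}),
]


def decide(groups, user_risk, sign_in_risk):
    """Return the outcome of each policy for one sign-in."""
    risk_for = {"user_risk": user_risk, "sign_in_risk": sign_in_risk,
                "mfa_registration": "none"}
    return {p.kind: p.evaluate(set(groups), risk_for[p.kind]) for p in POLICIES}


if __name__ == "__main__":
    print(decide(["all-users"], user_risk="low", sign_in_risk="high"))
```
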

Now let's look at the option of manually closing risk events.
