What must be created to enable two-step verification for Azure users within Azure AD?

To enable two-step verification for Azure users within Azure Active Directory (Azure AD), creating an Azure AD conditional access policy is essential. This policy allows administrators to enforce multi-factor authentication (MFA) requirements based on conditions such as user location, device compliance, or application sensitivity. By implementing a conditional access policy, you can specify when MFA should be triggered, thereby enhancing the security of user sign-ins.

Creating a conditional access policy allows for granular control over the circumstances under which two-step verification is required, ensuring that it meets the organization's security needs while providing flexibility for users. This capability is critical for managing access to resources securely, minimizing the risk of unauthorized access to Azure resources.

Other choices do not directly facilitate the enabling of two-step verification. For example, a playbook in Azure Logic Apps wouldn’t serve to enforce authentication requirements, an identity protection group pertains to managing risks related to users but does not set up MFA, and a new Azure subscription is unrelated to configuring security features such as two-step verification.