You are an IT security analyst responsible for implementing Conditional Access policies in your organization's Azure Active Directory $($AAD$)$ environment. These policies help secure access to resources based on specific criteria. In your research, you come across various signals that are commonly used to determine Conditional Access.

Which of the following options represents the signals used for determining Conditional Access?

Payroll application, MFA and industry regulations.

User or group membership, device information or application$-$specific triggers.

Secure foundation, remote work, and emerging threats.