Your organization utilizes Microsoft 365 and has recently integrated two custom applications, Application1 and Application2, with Azure Active Directory. Management has requested that additional security measures be implemented for Application1, specifically requiring users to undergo an extra verification step when accessing it. This enhanced security is not needed for Application2. Which of the following actions should you take to meet this requirement?