Home » Microsoft » MS-100 v.2 » Which authentication strategy should you identify?
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements:
Ensure that users can access Microsoft 365 by using their on-premises credentials.
Use the existing server infrastructure only.
Store all user passwords on-premises only. Be highly available.
Which authentication strategy should you identify?
A. pass-through authentication and seamless SSO
B. pass-through authentication and seamless SSO with password hash synchronization
C. password hash synchronization and seamless SSO
D. federation
Correct Answer: A
Explanation/Reference:
Explanation:
Azure AD Pass-through Authentication. Provides a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers. The servers validate the users directly with your on-premises Active Directory, which ensures that the password validation doesn’t happen in the cloud.
Incorrect Answers:
B: Password hash synchronization replicates passwords to Azure Active Directory. This does not meet the following requirement: Store all user passwords on-premises only
C: Password hash synchronization replicates passwords to Azure Active Directory. This does not meet the following requirement: Store all user passwords on-premises only
D: Federation requires additional servers running Active Directory Federation Services. This does not meet the following requirement: Use the existing server infrastructure only.
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn
