Home » Microsoft » MS-100 v.2 » Which authentication strategy should you recommend?
Your network contains an on-premises Active Directory forest.
You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy.
You need to recommend an authentication strategy that meets the following requirements:
Allows users to sign in by using smart card-based certificates
Allows users to connect to on-premises and Microsoft 365 services by using SSO
Which authentication strategy should you recommend?
A. password hash synchronization and seamless SSO
B. federation with Active Directory Federation Services (AD FS)
C. pass-through authentication and seamless SSO
Correct Answer: B
Explanation/Reference:
Explanation:
Federation with Active Directory Federation Services (AD FS) is required to allow users to sign in by using smart card-based certificates.
Federated authentication
When you choose this authentication method, Azure AD hands off the authentication process to a separate trusted authentication system, such as on-premises Active Directory Federation Services (AD FS), to validate the user’s password.
The authentication system can provide additional advanced authentication requirements. Examples are smartcard-based authentication or third-party multifactor authentication.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
