You are configuring Azure Active Directory and need to synchronize on-premises Active Directory user accounts, but your security officer does not want passwords or their derivatives to be stored in the cloud at all.
Which options are available to you? (Choose two.)
A. AAD Connect with Azure Active Directory Domain Services
B. AAD Connect with pass-through authentication (PTA)
C. AAD Connect with password hash-sync (PHS)
D. AAD Connect with AD federation (AD FS)
Correct Answer: BD
Explanation/Reference:
With PTA and AD FS, authentication happens on-premises. PHS syncs hashes to the cloud. Azure Active Directory Domain Services keeps password hashes in the cloud, so it is not a correct option. Strictly speaking, it is also not an Azure AD Connect hybrid identity model, but it is important to understand the different Azure AD and on-premises AD topologies and how Azure AD Connect synchronizes them.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions