Exam MS-102 topic 1 question 88 discussion

Actual exam question from Microsoft's MS-102
Question #: 88
Topic #: 1

Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
  • On-premises Active Directory password complexity policies must be enforced.
  • Users must be able to use self-service password reset (SSPR) in Azure AD.
What should you use?

  • A. password hash synchronization
  • B. Azure AD Identity Protection
  • C. Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
  • D. pass-through authentication
Suggested Answer: D

Comments

APK1
Highly Voted 9 months, 3 weeks ago
Selected Answer: D
Complex password = PTA
upvoted 5 times
...
IvanDJ
Most Recent 3 months, 2 weeks ago
Selected Answer: A
In this scenario, the best option will be PHS.
upvoted 1 times
...
justITtopics
4 months, 2 weeks ago
Selected Answer: D
Answer D. If you have Password Hash Synchronization (PHS), the password policies in AD DS and Entra ID are different and not synchronized. With PHS and Password Writeback, users can use Self-Service Password Reset (SSPR) in Azure AD (license requirement). The only way to have a unique password policy and, in this case, meet the "On-premises Active Directory password complexity" requirement is with Pass-through Authentication (PTA). Password writeback is supported in environments that use the following hybrid identity models: Password hash synchronization, Pass-through authentication and Active Directory Federation Services. With PTA, you must have the AD DS in high availability, otherwise you will not be able to sign in if AD DS becomes unavailable.
upvoted 3 times
...
Rick_James
7 months, 4 weeks ago
PTA provides enhanced security by enforcing on-premises policies in real time, suited for organizations with complex security requirements.
upvoted 3 times
...
diasblackdc
10 months, 2 weeks ago
D "However, certain organizations wanting to enforce their on-premises Active Directory security and password policies, can choose to use Pass-through Authentication instead."
upvoted 1 times
...
mikl
1 year ago
Selected Answer: D
I would go for D here.
upvoted 1 times
...
spektrum1988
1 year, 4 months ago
Answer A works if password writeback is enabled, but they don't mention it.
upvoted 2 times
...
TheMCT
1 year, 4 months ago
Selected Answer: A
The correct answer is A. password hash synchronization. This is a sign-in method that syncs the hash of users’ passwords from your on-premises Active Directory to Azure AD.
upvoted 1 times
...
benpatto
1 year, 6 months ago
Selected Answer: D
Although there is no mention of password writeback, which is the main requirement for a hybrid setup, PTA (Pass-through authentication) can be used to automatically enable Password writeback and allow for the cloud setup to respect the DC's enforcements. I choose you D!
upvoted 3 times
Bouncy
1 year, 4 months ago
Correct choice, wrong explanation. A passed through password doesn't need to be written back, it's passed through to the DC already. Write back is a sync feature of AAD Connect but in a PTA scenario, passwords are not synced in the first place. Also, writeback is not connected to password policy enforcements.
upvoted 3 times
...
...
letters1234
1 year, 9 months ago
Selected Answer: D
Password hash sync just does comparison of password hash. Passthrough respects the DC and doesn't approve the ticket itself. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
upvoted 3 times
...
Casticod
1 year, 9 months ago
Selected Answer: D
Azure Active Directory (Azure AD) self-service password reset (SSPR) lets users reset their passwords in the cloud, but most companies also have an on-premises Active Directory Domain Services (AD DS) environment for users. Password writeback allows password changes in the cloud to be written back to an on-premises directory in real time. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
upvoted 2 times
Casticod
1 year, 9 months ago
Password writeback is supported in environments that use the following hybrid identity models: Password hash synchronization, Pass-through authentication, Active Directory Federation Services. D or A??
upvoted 4 times
sergioandreslq
1 year, 7 months ago
D: On-premises Active Directory password complexity policies must be enforced. This is PTA.
upvoted 2 times
sergioandreslq
1 year, 6 months ago
The most probably correct answer is D. PTA is 100% enforced authentication using AD settings. However, PHS: When password hash synchronization is enabled, the password complexity policies in your on-premises Active Directory instance override complexity policies in the cloud for synchronized users. You can use all of the valid passwords from your on-premises Active Directory instance to access Microsoft Entra services. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization#password-complexity-policy So, PTA or PHS comply with the requirements: Inherited from local AD: On-premises Active Directory password complexity policies must be enforced. PTA and PHS: support password writeback. Both PTA and PHS comply with the requirements; however, I will go with answer D, which is the cleanest answer as all the authentication is executed in local AD.
upvoted 3 times
...
...
...
...
Ranger_DanMT
1 year, 9 months ago
Answer is correct, SSPR works for both Pass-thru and hash sync. The key here is that on-prem password policies need enforced. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta
upvoted 3 times
...
Greatone1
1 year, 9 months ago
Selected Answer: D
Correct answer should be D. Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks#:~:text=is%20using%20federated%2C-,pass,-%2Dthrough%20authentication%2C%20or
upvoted 1 times
...
hogehogehoge
1 year, 9 months ago
I think A is correct. Because Users must use SSPR in AzureAD.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other