ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 156 discussion

Actual exam question from Microsoft's MS-102
Question #: 156
Topic #: 1
[All MS-102 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.

Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Hard1k at Sept. 14, 2023, 7:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BSVIT
Highly Voted 1 year, 5 months ago
Selected Answer: B
B, WHY? Solution only partly meets requirements. solution does meet the goal for requirement 1: Password hash synchronization synchronizes user password hashes from Active Directory to Azure AD. This allows users to authenticate to Microsoft 365 services even if Active Directory is unavailable. solution does NOT meet the goal for requirement 2: ''When password hash synchronization is enabled, the password complexity policies in your on-premises Active Directory instance override complexity policies in the cloud for synchronized users. You can use all of the valid passwords from your on-premises Active Directory instance to access Microsoft Entra services.'' So configuring password complexity policies in AzureAD is pointless as is gets overwritten. Source: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization
upvoted 22 times
e201546
11 months ago
Thanks for explaining that, it helps with more questions
upvoted 2 times
...
...
Hard1k
Highly Voted 1 year, 7 months ago
Selected Answer: A
s, the solution meets the goal. Password hash synchronization synchronizes user password hashes from Active Directory to Azure AD. This allows users to authenticate to Microsoft 365 services even if Active Directory is unavailable. Password protection in Azure AD allows you to configure password requirements, such as minimum length and complexity. You can also use password protection to block specific words or phrases from being used in passwords. By implementing password hash synchronization and configuring password protection in the Azure AD tenant, you can meet the following requirements: Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. User passwords must be 10 characters or more.
upvoted 12 times
Frippy
1 year, 4 months ago
There is no "minimum length and complexity" in AzureAD
upvoted 3 times
...
Milad666
1 year, 6 months ago
WRONG! User that syncronized with PHS will just inherit Policies and attributes from Active Directory. So Solution doasnt meet the goal.
upvoted 14 times
EEMS700
1 year, 5 months ago
I agree with Milad Policies they will be used are from Active Directory Correct answer is B
upvoted 4 times
...
...
...
THONARA
Most Recent 4 weeks ago
Selected Answer: A
I have a hybrid environment; I Implemented password hash synchronization and configured password protection in the Azure AD tenant, can I able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable? Answer: Yes, you can authenticate successfully to Microsoft 365 services even if your on-premises Active Directory becomes unavailable. With password hash synchronization enabled, your users' password hashes are synchronized from your on-premises Active Directory to Azure AD12. This means that authentication requests can be handled directly by Azure AD, ensuring continuity of access to Microsoft 365 services3.
upvoted 1 times
...
vixxx83
2 months ago
Selected Answer: B
password hash synchronization ensures that users can still authenticate to Microsoft 365 services even if the on-premises Active Directory becomes unavailable. This is because the password hashes are synchronized to Azure AD, allowing Azure AD to handle the authentication independently of the on-premises Active Directory.
upvoted 1 times
vixxx83
2 months ago
Sorry selected answer to be A
upvoted 1 times
...
...
Frank9020
5 months, 2 weeks ago
Selected Answer: A
Correct answer is A. Password hash synchronization allows users to authenticate to Microsoft 365 services even if the on-premises Active Directory becomes unavailable, as the authentication is handled by Azure AD1. Additionally, configuring password protection in the Azure AD tenant ensures that user passwords meet the required complexity, such as being 10 characters or more2. https://learn.microsoft.com/en-us/microsoft-365/enterprise/prepare-for-directory-synchronization?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/enterprise/set-up-directory-synchronization?view=o365-worldwide
upvoted 2 times
...
ExamCheater1993
10 months, 3 weeks ago
Question 158,. Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.
upvoted 2 times
...
oopspruu
1 year ago
Selected Answer: B
The solution doesn't satisfy the 2nd requirement. The password policies needs to be enforced in on-prem AD if PHS is used. With PHS, AD password policies always override AAD password policies.
upvoted 2 times
...
CharlesS76
1 year ago
Selected Answer: B
Password policies that will be used are from Active Directory...
upvoted 1 times
...
Tomtom11
1 year ago
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad-on-premises Microsoft Entra Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. On-premises deployment of Microsoft Entra Password Protection uses the same global and custom banned password lists that are stored in Microsoft Entra ID, and does the same checks for on-premises password changes as Microsoft Entra ID does for cloud-based changes. These checks are performed during password changes and password reset events against on-premises Active Directory Domain Services (AD DS) domain controllers.
upvoted 1 times
...
Tomtom11
1 year ago
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad-combined-policy
upvoted 1 times
...
Tomtom11
1 year ago
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization There are two types of password policies that are affected by enabling password hash synchronization: Password complexity policy Password expiration policy
upvoted 1 times
...
Fran22
1 year, 1 month ago
The answer is no. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization. Says: When password hash synchronization is enabled, the password complexity policies in your on-premises Active Directory instance override complexity policies in the cloud for synchronized users. Passwords for users that are created directly in the cloud are still subject to password policies as defined in the cloud.
upvoted 1 times
...
Tomtom11
1 year, 2 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization Generally, password hash synchronization is simpler to implement than a federation service. It doesn't require any additional servers, and eliminates dependence on a highly available federation service to authenticate users. Password hash synchronization can also be enabled in addition to federation. It may be used as a fallback if your federation service experiences an outage
upvoted 1 times
...
SBGM
1 year, 2 months ago
Selected Answer: B
Hybrid deployments where user accounts are synced from AD to Azure AD will keep the Active Directory password restrictions, even when Pass Through Authentication is not active. The Azure AD Password restrictions only restrict cloud-native accounts.
upvoted 1 times
...
AAlmani
1 year, 2 months ago
Selected Answer: B
the given scenario is about synchronizing users from op-prem AD to Azure AD, so password protection should be applied on-prem AD. Correct Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.
upvoted 1 times
...
shubu2276
1 year, 3 months ago
Selected Answer: B
No, this does not meet the goal. Password hash synchronization and password protection in Azure AD are two different features that serve different purposes. Password hash synchronization allows users to sign in to Microsoft 365 services using the same password as their on-premises Active Directory account, but it does not provide any backup or failover mechanism if Active Directory becomes unavailable. Password protection helps to enforce strong passwords by blocking common or weak terms, but it does not affect the length of the passwords. To meet the goal, you need to implement a different solution, such as Azure AD Connect Health with AD FS or Pass-through Authentication, and configure a password policy in Active Directory that requires passwords to be 10 characters or more.
upvoted 1 times
...
Christianbrivio1991
1 year, 5 months ago
Selected Answer: B
Correct Answer B
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago