ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 1 question 53 discussion

Actual exam question from Microsoft's AZ-800
Question #: 53
Topic #: 1
[All AZ-800 Questions]

HOTSPOT
-

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.



The domain controllers do NOT have internet connectivity.

You plan to implement Azure AD Password Protection for the domain.

You need to deploy Azure AD Password Protection agents. The solution must meet the following requirements:

• All Azure AD Password Protection policies must be enforced.
• Agent updates must be applied automatically.
• Administrative effort must be minimized.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Payday123 at Nov. 15, 2023, 6:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RickySmith
Highly Voted 1 year, 5 months ago
Azure AD Password Protection agent - Only DC1 and DC2. Agents need to be on full DC's as RODC's cannot process all password changes. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy#read-only-domain-controller-considerations Azure AD Password Protection Proxy - Server1 -Needs to be on Member Server only -Not compatible with RODC. -Not compatible with AAD App Proxy. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy#microsoft-entra-connect-agent-updater-prerequisites
upvoted 8 times
Krayzr
10 months, 3 weeks ago
True. found on RickySmith's link . Warning Microsoft Entra Password Protection proxy and Microsoft Entra application proxy install different versions of the Microsoft Entra Connect Agent Updater service, which is why the instructions refer to Application Proxy content. These different versions are incompatible when installed side by side and doing so will prevent the Agent Updater service from contacting Azure for software updates, so you should never install Microsoft Entra Password Protection Proxy and Application Proxy on the same machine.
upvoted 4 times
...
...
lucacose
Highly Voted 1 year, 5 months ago
Install Azure AD Password Protection -> Only DC1 and DC2 WHY? RODCs are not supported Install Azure AD Password Protection Proxy -> Server1 WHY? You can't install AAD Password Protection PROXY (Now Microsoft Entra Password Proxy)in a server with Azure AD Application Connector proxy Look for the prerequisite at this page: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy
upvoted 5 times
...
Ksk08
Most Recent 6 months, 4 weeks ago
Dc1 and dc2 Server 1
upvoted 1 times
...
Jools_SP
1 year, 4 months ago
Incorrect answer. Microsoft Entra Password Protection proxy and Microsoft Entra application proxy install different versions of the Microsoft Entra Connect Agent Updater service, which is why the instructions refer to Application Proxy content. These different versions are incompatible when installed side by side and doing so will prevent the Agent Updater service from contacting Azure for software updates, so you should never install Microsoft Entra Password Protection Proxy and Application Proxy on the same machine.
upvoted 2 times
...
Payday123
1 year, 6 months ago
Is it a new question?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel