ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 31 discussion

Actual exam question from Microsoft's MS-100
Question #: 31
Topic #: 4
[All MS-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
This solution does not meet the following requirement:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
This is because with pass-through authentication, the authentication is performed by the on-premise Active Directory.
This solution does not meet the following requirement:
✑ Users passwords must be 10 characters or more.
To meet this requirement, you would need to configure the Default Domain Policy in the on-premise Active Directory.
Azure Password Protection can prevent users from using passwords from a 'banned password' list but it cannot be configured to require that passwords must be
10 characters or more.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
by Goofer at Feb. 4, 2020, 5:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Goofer
Highly Voted 5 years, 3 months ago
PTA checks Active Directory
upvoted 8 times
WoneSix
5 years, 1 month ago
Yes, so the first goal is not achieved.
upvoted 4 times
...
Jake1
4 years, 5 months ago
Exactly, since the hashed PW is not stored in AAD, it has to talk to AD and if it's not available, you can't auth.
upvoted 2 times
...
...
mkoprivnj
Most Recent 4 years, 4 months ago
No for sure!
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago