ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 16 discussion

Actual exam question from Microsoft's MS-100
Question #: 16
Topic #: 4
[All MS-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ User passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
This solution meets the following requirement:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. (this is because the authentication is performed by Azure Active Directory).
This solution does not meet the following requirement:
✑ Users passwords must be 10 characters or more.
To meet this requirement, you would need to configure the Default Domain Policy in the on-premise Active Directory.
Azure Password Protection can prevent users from using passwords from a 'banned password' list but it cannot be configured to require that passwords must be
10 characters or more.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
by dad032 at Aug. 22, 2019, 3:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
grumpypants
Highly Voted 5 years, 9 months ago
i think the answer is correct. the password policy from on-premises takes over. see microsoft: When password hash synchronization is enabled, the password complexity policies in your on-premises Active Directory instance override complexity policies in the cloud for synchronized users.
upvoted 20 times
moh15
4 years, 10 months ago
then ans is B
upvoted 1 times
...
jdean
5 years, 6 months ago
agree, in fact AzureAD doesnt even store the password rather just a sync of the hash. Any password request change requires writeback (if enabled)
upvoted 2 times
...
...
DJHASH786
Highly Voted 5 years, 6 months ago
B is the answer as you configure password protection policy in AD not Azure
upvoted 10 times
...
Amir1909
Most Recent 1 year, 4 months ago
Correct
upvoted 1 times
...
Amir1909
1 year, 4 months ago
Correct
upvoted 1 times
...
Feyenoord
2 years, 3 months ago
Selected Answer: B
Password protection doesn't provide the ability to set a minimum required password length.
upvoted 1 times
...
Startkabels
2 years, 6 months ago
Selected Answer: B
B it is
upvoted 1 times
...
Cheekypoo
2 years, 10 months ago
Was in my exam today 05/08/22 - along with the other variations of the question.
upvoted 1 times
...
spg987
3 years, 10 months ago
In exam today
upvoted 3 times
...
mkoprivnj
4 years, 6 months ago
No for sure!
upvoted 3 times
...
emil568
4 years, 10 months ago
Password could be applied to AD but is not about length of password it is about complexity of password. So it is B
upvoted 2 times
...
Fala_Fel
5 years, 5 months ago
Yep correct Answer is B: No From Microsoft "Password complexity policy - When password hash synchronization is enabled, the password complexity policies in your on-premises Active Directory instance override complexity policies in the cloud for synchronized users. You can use all of the valid passwords from your on-premises Active Directory instance to access Azure AD services." https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization Therefore password protection in Azure will not enforce 10 characters or more.
upvoted 7 times
Goofer
5 years, 4 months ago
It is password policy of on-premise active directory (that will be synced by azure ad connect) Answer B is correct
upvoted 2 times
Goofer
5 years, 4 months ago
wrong reply
upvoted 1 times
...
...
...
Marz
5 years, 5 months ago
I think the answer is B. To use Azure Password Protection you need to install an agent on the DC. This is not done. So this is wrong. You would need to configure local GPO to set the minimum PW length to 10 in this case. And it is not mentioned.
upvoted 1 times
Marz
5 years, 5 months ago
See also question 10 of this topic. It supports my idea that the password policy should be set in local AD. Not Azure.
upvoted 4 times
...
...
dad032
5 years, 10 months ago
Password hash synchronization and configure password protection is correct, so for me the correct answer is YES.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel