ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 2 question 16 discussion

Actual exam question from Microsoft's AZ-303
Question #: 16
Topic #: 2
[All AZ-303 Questions]

HOTSPOT -
Your network contains an on-premises Active Directory domain named contoso.com that contains a user named User1. The domain syncs to Azure Active
Directory (Azure AD).
You have the Windows 10 devices shown in the following table.

The User Sign-In settings are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -
Seamless SSO needs the user's device to be domain-joined only, but it is not used on Azure AD Joined or Hybrid Azure AD joined devices. SSO on Azure AD joined, Hybrid Azure AD joined, and Azure AD registered devices works based on the primary refresh token.

Box 2: No -

Box 3: No -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
by OmerBeyond at Jan. 4, 2021, 7:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
azurecert2021
Highly Voted 4 years, 5 months ago
answer should be Y Y N key benefit of Seamless SSO is Users are automatically signed into both on-premises and cloud-based applications and can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods. However this feature cannot be used with Active Directory Federation Services (ADFS). Azure AD Join provides SSO to users if their devices are registered with Azure AD. These devices don't necessarily have to be domain-joined. SSO is provided using primary refresh tokens or PRTs, and not Kerberos.
upvoted 82 times
...
Koba
Highly Voted 4 years, 5 months ago
Y N N Seamless SSO needs the user's device to be domain-joined only, but it is not used on Azure AD Joined or Hybrid Azure AD joined devices. SSO on Azure AD joined, Hybrid Azure AD joined, and Azure AD registered devices works based on the primary refresh token. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
upvoted 19 times
dandirindan
4 years, 5 months ago
this explanation is great and from microsoft perspective, https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso#key-benefits
upvoted 4 times
HDZ78
4 years ago
Actually that article clearly shows the answer should be Y Y N, "For Windows 10, Windows Server 2016 and later versions, it’s recommended to use SSO via primary refresh token (PRT). For windows 7 and 8.1 it’s recommended to use Seamless SSO. Seamless SSO needs the user's device to be domain-joined, but it is not used on Windows 10 Azure AD joined devices or hybrid Azure AD joined devices. SSO on Azure AD joined, Hybrid Azure AD joined, and Azure AD registered devices works based on the Primary Refresh Token (PRT)". The question clearly states at the start that these are Windows 10 devices.
upvoted 14 times
gizda2
3 years, 9 months ago
Listen to this guy folks. ^^ This is the most useful comment in this thread.
upvoted 4 times
...
...
...
One111
4 years, 3 months ago
Question is about sso,not seamless SSO. So 1 gets SSO using seamless sso, 2 gets sso via prt (both by defaults). 3 also can get sso via prt,but would need to be registered (work plac e joined) first. Correct answer is YYN.
upvoted 22 times
One111
4 years, 3 months ago
Also Semless SSO works with both on-premises ad- joined and hybrid aad-joined computers,because to join aad hybrid computer must be part of local domain.
upvoted 1 times
...
...
...
rxlicon
Most Recent 1 year, 10 months ago
Question is about sso, not seamless SSO. 1 gets SSO using seamless sso, 2 gets sso via prt (both by defaults). 3 also can get sso via prt,but would need to be registered (work plac e joined) first. Correct answer is YYN.
upvoted 1 times
...
itvinoth83
3 years, 3 months ago
Appeared in exam on 28-03-2022
upvoted 1 times
...
kristhiank
3 years, 4 months ago
On exam today, Passed YYN
upvoted 2 times
...
shree178
3 years, 4 months ago
On exam today 19-2-2022.. Passed with 871.
upvoted 1 times
...
moon2351
3 years, 4 months ago
YYN is correct
upvoted 1 times
...
nd78
3 years, 5 months ago
on Exam today 21st Jan, 2022
upvoted 1 times
...
plmmsg
3 years, 6 months ago
answers is Y, Y, N
upvoted 2 times
...
jmay
3 years, 6 months ago
For the second question, I actually managed to test it using my company's AAD and one of My Win 10 VMs. So I went to Add School or work Account > Join Azure Active Directory > Login using my company account (email/password) > Lauch Edge > goto portal.azure.com and SSO worked flawlessly. I was logged in without being prompted with anything. So the answer should be Y for questions 2.
upvoted 2 times
...
tejasmehta8819
3 years, 8 months ago
Was is exam today. Scored 8XX, Answer YYN
upvoted 2 times
...
MOLLYHAN
3 years, 8 months ago
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-faq Azure AD Join provides SSO to users if their devices are registered with Azure AD. These devices don't necessarily have to be domain-joined. SSO is provided using primary refresh tokens or PRTs, and not Kerberos. The user experience is most optimal on Windows 10 devices. SSO happens automatically on the Microsoft Edge browser. It also works on Chrome with the use of a browser extension. You can use both Azure AD Join and Seamless SSO on your tenant. These two features are complementary. If both features are turned on, then SSO from Azure AD Join takes precedence over Seamless SSO.
upvoted 2 times
...
syu31svc
3 years, 10 months ago
1. Device1 is AD joined, so user will sign in automatically by using SSO. 2. Seamless SSO needs the user's device to be domain-joined only, but it is not used on Azure AD Joined or Hybrid Azure AD joined devices. So, from Device2 and Device3, SSO will not work. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso Yes No No is the answer
upvoted 2 times
JayBee65
3 years, 4 months ago
It asks about SSO not Seamless SSO, so YYN
upvoted 1 times
...
...
hamzeh69
3 years, 11 months ago
Pass exam, come today in my exam 6/7/2021 answered YYY
upvoted 3 times
battleneter
3 years, 11 months ago
Last one is in a Workgroup, no possible way that is right.
upvoted 6 times
...
jr_luciano
3 years, 5 months ago
So this is a question you got wrong.
upvoted 2 times
...
...
ThomasKong
4 years ago
Sync status is "enabled" so is YYN
upvoted 2 times
...
nfett
4 years ago
YYN for me based on https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
upvoted 2 times
...
nfett
4 years ago
YYN for me based on https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel