ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 12 discussion

Actual exam question from Microsoft's MS-100
Question #: 12
Topic #: 4
[All MS-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
✑ Users must be able to authenticate during business hours only.
✑ Authentication requests must be processed successfully if a single server fails.
✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO. The solution contains two servers that have an
Authentication Agent installed.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
This solution meets the following requirements:
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Authentication requests must be processed successfully if a single server fails.

The following requirements are not met:
✑ Users must be able to authenticate during business hours only.
✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
To meet these two requirements, you would have to configure pass-through authentication.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
by arai002 at April 8, 2021, 8:54 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
joergsi
3 years, 6 months ago
Selected Answer: B
My checklist would be the following: => Two or more AD Connects are needed, 1 active, at least one in staging mode => No => Passthrough authentication => No => Seamless SSO => Yes => (B)
upvoted 1 times
...
Eric_
3 years, 8 months ago
How strange, here we suddenly do not have logon-times configured, in other questions it was just assumed it was. Inconsistent questioning...
upvoted 2 times
...
melatocaroca
4 years, 1 month ago
Answer: NO Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods. Seamless SSO is an opportunistic feature. If it fails for any reason, the user sign-in experience goes back to its regular behavior - i.e, the user needs to enter their password on the sign-in page. The solution contains two servers that have an Authentication Agent installed is not part of this equation, because are not required in this scenario, SSO for joined domain devices that will sign in Office 365 in an automatic way Reference: • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-how-it-works
upvoted 1 times
melatocaroca
4 years, 1 month ago
Forgot, than Users must be able to authenticate during business hours only. no any reference about Group policy configured, so double NO
upvoted 2 times
...
joergsi
3 years, 6 months ago
Requirements: ✑ Users must be able to authenticate during business hours only. ✑ Authentication requests must be processed successfully if a single server fails. => Two or more AD Connects are needed, 1 active, at least one in staging mode ✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in. => Passthrough authentication ✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically. => Seamless SSO My checklist would be the following: => Two or more AD Connects are needed, 1 active, at least one in staging mode => No => Passthrough authentication => No => Seamless SSO => (B)
upvoted 1 times
...
...
arai002
4 years, 3 months ago
ANS:No Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel