ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 82 discussion

Actual exam question from Microsoft's MS-100
Question #: 82
Topic #: 3
[All MS-100 Questions]

HOTSPOT -
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

Password writeback is disabled in Azure AD Connect.
You enable self-service password reset (SSPR) for Group1.
You configure password protection for contoso.com as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
With the password policy, VeRYC0MplexPa55w.rd. is an acceptable password.

Box 1: Yes -
User1 is an Azure AD account so User1 can reset his password.

Box 2: No -
User2 is a Windows Server Active Directory Account. User2 could change the password for the Azure AD account. However, as Password Writeback is disabled, the password change will not be written back to the Windows Server Active Directory account.

Box 3: No -
The Azure AD Tenant is named contoso.com. User3 is a guest account from a different directory named outlook.com. You cannot use SSPR in one directory to change the password for an account in a different directory.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
by lucidgreen at April 20, 2021, 1:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Arargnum
Highly Voted 4 years, 1 month ago
Answer is Y,N,N User 1 is: Yes because Azure only so can use SSPR User 2 No: Password write back is disabled, so if the password were reset it wont sync back and if changes made local AD would sync back the password to what it was.. User 3: is out side of tenant control etc @outlook.com, we cannot control passwords for domains outside of our own even if a guest account.
upvoted 20 times
F_M
4 years, 1 month ago
The system prevents User2 from using SSPR. A message saying that password writeback is disabled appeard and the procedure ends.
upvoted 4 times
...
...
joergsi
Highly Voted 3 years, 5 months ago
Question 1 = Who can use SSPR (Self Service Password Reset)? AAD and AD User-Accounts! Question 2 = If Password Writeback is disabled, who can change the password? AAD User-Accounts! User1 => AAD => Rule Applys => P55w.rd => Valid Password => YES! User2 => AD => end of story! => No User3 => Neither AAD nor AD account => end of story! => No Correct me where I'm wrong.
upvoted 5 times
...
thehighlandcow
Most Recent 2 years, 2 months ago
Agree with Arargnum for all his stated points. To confirm, with the exact settings as shown in the protection policy, I've tested the password for a cloud only (Azure AD) user, was able to change to VeryC0mplexPa55w.rd
upvoted 1 times
...
fofo1960
3 years, 6 months ago
Wait, Is Password Write Back is disabled, how the SSPR will works to reset users password !
upvoted 1 times
manis73
3 years ago
user1 is not synced from AD
upvoted 1 times
...
...
klosinskil
3 years, 11 months ago
Question doesn't specify from where can user reset his password. All users are allowed to reset their password, 1st from Azure SSPF, 2nd from domain PC, 3rd from Outlook OWA.
upvoted 1 times
klosinskil
3 years, 11 months ago
nvrmind read wrong
upvoted 4 times
...
...
Flacky_Penguin32
4 years ago
Answer: Y, N, N Microsoft accounts that have been granted guest access to your Azure AD tenant, such as those from Hotmail.com, Outlook.com, or other personal email addresses, aren't able to use Azure AD SSPR. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks#:~:text=Microsoft%20accounts%20that%20have%20been,to%20use%20Azure%20AD%20SSPR.
upvoted 4 times
...
lucidgreen
4 years, 2 months ago
Y, N, Y The password policy only applies to User 2.
upvoted 3 times
syswiz85
4 years, 2 months ago
I agree. This is a very tricky question.
upvoted 3 times
...
Goseu
4 years, 2 months ago
Does SSPR work for Outlook.com accounts ? Tried and i got : Microsoft Accounts or personal email addresses don’t work here. Make sure you enter your work or school account (e.g. [email protected]).
upvoted 4 times
DiNOINYourHead
4 years, 2 months ago
I think you can use SSPR for outlook.com accounts, because the identity tenancy is MSA (Microsoft Account), it will uses the MSA SSPR mechanism. So, yes, User3 can use SSPR and set the new password. It is not the SSPR from contoso.com tenant, but however it is not defined in the question.
upvoted 2 times
...
...
felipinho109
2 years, 5 months ago
SSPR does not work for Guest accounts. https://github.com/MicrosoftDocs/azure-docs/issues/29147
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel