Exam MS-100 topic 4 question 35 discussion

Actual exam question from Microsoft's MS-100
Question #: 35
Topic #: 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
✑ Users must be able to authenticate during business hours only.
✑ Authentication requests must be processed successfully if a single server fails.
✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Does this meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A 🗳️

Comments

tejb
Highly Voted 3 years, 9 months ago
I believe the answer is YES
upvoted 8 times
...
hufflepuff
Highly Voted 2 years, 7 months ago
Selected Answer: A
ADFS now provides seamless SSO.
upvoted 5 times
DaDaDave
1 year, 9 months ago
The answer does not state that the steps to enable SSO were made. It also does not state that the policy for sign-in hours was existing or created.
upvoted 1 times
...
...
One111
Most Recent 1 year, 8 months ago
Selected Answer: A
ADFS uses Kerberos SSO; seamless SSO is hybrid functionality offered with PHS or PTA. Federation with a 2-node farm of ADFS and WAP meets the requirements.
upvoted 1 times
...
vanr2000
2 years, 1 month ago
Selected Answer: A
AD FS now supports SSO.
Checklist: Use AD FS to implement and manage single sign-on: https://learn.microsoft.com/en-us/previous-versions/azure/azure-services/jj205462(v=azure.100)
Support options for setting up single sign-on for Microsoft 365: https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/active-directory/support-options-of-set-single-sign-on
upvoted 1 times
...
Feyenoord
2 years, 2 months ago
Selected Answer: A
100% Yes A is the answer!
upvoted 2 times
...
One111
2 years, 5 months ago
Yes, as long as ADFS and WAP farms use NLB and WIA UA are configured properly for Kerberos SSO.
upvoted 1 times
...
joergsi
3 years, 3 months ago
Selected Answer: B
Task:
✑ Users must be able to authenticate during business hours only.
✑ Authentication requests must be processed successfully if a single server fails. => More than 1 connected server required
✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in. => Passthrough
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically. => Seamless SSO
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Review: Passthrough with Seamless SSO is missing => FAILED! (B)
upvoted 4 times
...
LillyLiver
3 years, 3 months ago
Selected Answer: B
I guessed Yes. After thinking about it, and considering how MS writes their questions, I think the answer is No after all. Nowhere in the question did it say that SSO was enabled. Only that ADFS was deployed as HA. I think the answer is No.
upvoted 3 times
alex_p
3 years, 1 month ago
ADFS provides SSO
upvoted 4 times
...
...
Jkayx94
3 years, 4 months ago
Selected Answer: B
To enable SSO you need to configure Directory Sync to enable SSO to M365. Solution doesn't report this, purely sets up AD FS and connects it to M365.
upvoted 1 times
...
dumpmaster
3 years, 4 months ago
Selected Answer: A
I believe the answer is YES.
upvoted 3 times
...
melatocaroca
3 years, 11 months ago
Correct Answer: B
This solution meets the following requirements:
Users must be able to authenticate during business hours only. AD on-premises policy: OK
Authentication requests must be processed successfully if a single server fails. ADFS farm: OK
When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in. ADFS sync with Azure AD password change notification service (PCNS) (agent installed on on-premises DC), to capture password changes from Active Directory and propagate them to other connected data sources.
The following requirement is not met, or yes, but more details are required than provided:
Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically. Can be if Azure AD password change notification service (PCNS) (agent installed on on-premises DC).
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
https://docs.microsoft.com/en-us/microsoft-identity-manager/infrastructure/mim2016-password-management
upvoted 1 times
...
LoremanReturns
3 years, 11 months ago
I believe the right answer is YES. Federation provides the ability to log in to Microsoft 365 using SSO from domain-joined devices: https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/set-up-adfs-for-single-sign-on#step-8-configure-the-client-computer-for-single-sign-on. "After you add the Federation server name to the local Intranet zone in Internet Explorer, the NTLM authentication is used when users try to authenticate on the ADFS server. Therefore, they are not prompted to enter their credentials. Administrators can implement Group Policy settings to configure a Single Sign-On solution on client computers that are joined to the domain."
upvoted 4 times
melatocaroca
3 years, 11 months ago
Can be if Azure AD password change notification service (PCNS) (agent installed on on-premises DC), but they do not provide any information about this in the question, so IMHO it should be YES with more question info, and NO with the provided question as is, without additional info, no case study, just a plain question.
upvoted 1 times
...
...
gethisfake
3 years, 12 months ago
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods. Seamless SSO is not applicable to Active Directory Federation Services (ADFS).
upvoted 2 times
TimurKazan
3 years, 8 months ago
That is not correct. Please read about what's new in AD FS.
upvoted 2 times
...
...