Exam MS-100 topic 2 question 84 discussion

C and D We need to support the use of Azure AD Identity Protection. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn#cloud-authentication

Why in earth password writeback, I'll go A and C

C and D is correct

C e D - O Azure AD Identity Protection requer Sincronização de Hash de Senha, independentemente de qual método de entrada escolhido, para fornecer o relatório Usuários com credenciais vazadas. As organizações podem fazer failover para sincronização de Hash de senha se o método de entrada principal falha, e ele foi configurado antes do evento de falha.

C and D

So many answers are wrong on this dump, Exam topics is substandard and misleading students.

c and d

A & C (Pass-through authentication and Enable single sign-on): -Authentication happens in the cloud after a secure password verification exchange with the on-premises authentication agent. -Requires at least one server for each additional authentication agent. -Offers single sign-on for domain-joined devices within the company network. -Supports Azure AD Identity Protection. D & C (Password Hash Synchronization and Enable single sign-on): -Authentication happens in the cloud. -No additional on-premises server requirements beyond Azure AD Connect. -Offers single sign-on for domain-joined devices within the company network. -Supports Azure AD Identity Protection. -Simpler implementation and reduced on-premises infrastructure. Based on the requirements mentioned in your question, the combination of D & C (Password Hash Synchronization and Enable single sign-on) might be a better choice as it provides a simpler implementation with fewer on-premises infrastructure requirements while still meeting the needs for single sign-on and Azure AD Identity Protection support.

To implement a hybrid configuration that meets the specified requirements, you should select the following options in Azure AD Connect: A. Pass-through authentication: This authentication method enables users to sign in to Microsoft 365 resources using their on-premises passwords, minimizing the number of times they are prompted for credentials. C. Enable single sign-on: This option ensures that users can access Microsoft 365 resources without having to re-enter their credentials, as long as they are logged in to their on-premises Active Directory domain. Therefore, options A and C are correc

C. D.Azure AD Identity Protection requires Password Hash Sync regardless of which sign-in method you choose, to provide the Users with leaked credentials report. Organizations can fail over to Password Hash Sync if their primary sign-in method fails and it was configured before the failure event. sauce: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

C: SSO - Avoids typing Username and Password to every time we access resource D: Hash - Pre-requisite to use Azure Identity Protection

You need Azure AD password hash synchronization in order for Identity Protection to work. So C and D.

Need password hash sync for cloud auth

C and D Azude AD IP requires password hash. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

A and C We need SSO

I'd also go for AC. Password writeback doesn't have anything to do with the authentication itself