AZ-800 · Question #66
AZ-800 Question #66: Real Exam Question with Answer & Explanation
The correct answer is D: Select the Configure Hybrid Azure AD join option.
Question
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table. You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect. You need to ensure that all the objects can be used in Conditional Access policies. What should you do?
Options
- A. Change the scope of Group2 to Universal
- B. Clear the Configure device writeback option.
- C. Change the scope of Group1 and Group2 to Global
- D. Select the Configure Hybrid Azure AD join option.
Explanation
Conditional Access policies in Azure AD can enforce conditions based on device state (e.g., requiring compliant or Hybrid Azure AD joined devices). For on-premises AD DS-joined devices to be recognized by Azure AD Conditional Access, they must be registered in Azure AD through Hybrid Azure AD join. Enabling 'Configure Hybrid Azure AD join' in Azure AD Connect causes it to sync on-premises computer objects and register them in Azure AD, making those devices visible and evaluable in Conditional Access. Changing Group1 or Group2 scope (options A and C) affects group synchronization but not device registration. Clearing device writeback (option B) would actually remove device objects from on-premises AD, the opposite of what is needed.