AZ-800 Question #79: Real Exam Question with Answer & Explanation
The correct answer is A: Device writeback.
Question
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. You have several Windows 10 devices that are Azure AD hybrid-joined. You need to ensure that when users sign in to the devices, they can use Windows Hello for Business. Which optional feature should you select in Azure AD Connect?
Options
- A. Device writeback
- B. Group writeback
- C. Password writeback
- D. Directory extension attribute sync
- E. Azure AD app and attribute filtering
Explanation
Hybrid certificate trust deployments need the device writeback feature. Authentication to Windows Server 2016 Active Directory Federation Services (AD FS) requires both the user and the computer to authenticate. Typically the users are synchronized, but the devices are not. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.

Reference: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs