
AZ-801 · Question #27

AZ-801 Question #27: Real Exam Question with Answer & Explanation

The correct answer is C: From Azure AD Connect, enable single sign-on (SSO).

Secure Windows Server on-premises and hybrid infrastructures

Question

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant by using password hash synchronization. You have a Microsoft 365 subscription. All devices are hybrid Azure AD-joined. Users report that they must enter their password manually when accessing Microsoft 365 applications. You need to reduce the number of times the users are prompted for their password when they access Microsoft 365 and Azure services. What should you do?

Options

  • A. In Azure AD, configure a Conditional Access policy for the Microsoft Office 365 applications.
  • B. In the DNS zone of the AD DS domain, create an autodiscover record.
  • C. From Azure AD Connect, enable single sign-on (SSO).
  • D. From Azure AD Connect, configure pass-through authentication.

Explanation

To reduce manual password prompts for users on hybrid Azure AD-joined devices accessing Microsoft 365 and Azure services, you should enable Seamless Single Sign-On (SSO) from Azure AD Connect. Seamless SSO provides a transparent sign-in experience when users are on the corporate network.

Common mistakes.

  • A. Configuring a Conditional Access policy in Azure AD might enforce authentication requirements but does not inherently reduce password prompts; it could potentially introduce additional authentication steps like multi-factor authentication, depending on the policy.
  • B. Creating an autodiscover record in the DNS zone is primarily relevant for configuring email clients to automatically find Exchange mailboxes, and it does not address the broader issue of single sign-on for all Microsoft 365 and Azure services.
  • D. Configuring pass-through authentication (PTA) in Azure AD Connect is an authentication method where users' passwords are validated directly against on-premises Active Directory. While it's an alternative to password hash synchronization, enabling PTA alone does not automatically provide the seamless SSO experience that reduces password prompts on domain-joined devices.

Concept tested. Azure AD Seamless SSO for hybrid-joined devices

Reference. learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-sso

Topics

#Hybrid Identity #Azure AD Connect #Single Sign-On (SSO) #Authentication
