SC-300 · Question #73
SC-300 Question #73: Real Exam Question with Answer & Explanation
This hotspot question tests knowledge of configuring Self-Service Password Reset (SSPR) authentication methods and password writeback in Azure AD Connect for a hybrid environment.
Question
Hotspot Question
You have a Microsoft 365 tenant and an Active Directory domain named adatum.com. You deploy Azure AD Connect by using the Express Settings.
You need to configure self-service password reset (SSPR) to meet the following requirements:
- When users reset their password, they must be prompted to respond to a mobile app notification or answer three predefined security questions.
- Passwords must be synced between the tenant and the domain regardless of where the password was reset.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation
Approach. For the authentication methods requirement, you must set the number of methods required to reset to 2, and enable both 'Mobile app notification' and 'Security questions' as allowed methods, with the number of security questions required to register and answer set to 3. This satisfies the 'mobile app notification OR three security questions' requirement. For password synchronization in both directions (cloud-to-on-premises and on-premises-to-cloud), you must enable Password Writeback in Azure AD Connect. This allows passwords reset in the cloud via SSPR to be written back to the on-premises Active Directory. Password Hash Synchronization (already enabled via Express Settings) handles on-premises-to-cloud sync, while Password Writeback handles cloud-to-on-premises sync.
Concept tested. The question tests two hybrid identity concepts: (1) SSPR authentication method configuration, specifically setting the number of required methods to 1 and selecting 'Mobile app notification' and 'Security questions (3 required)' so users are presented with either option; and (2) Password Writeback configuration in Azure AD Connect, which is required to sync password resets made in Azure AD back to on-premises Active Directory. Without Password Writeback, passwords reset via SSPR in the cloud would not propagate to the on-premises domain.