
AZ-500: How Does Azure AD Connect Support Synchronized and Federated Identities?

Which Azure Identity Models Require Azure AD Connect for Configuration?

Learn which Azure identity models, such as Synchronized and Federated, are configured using Azure AD Connect. Understand the role of Azure AD Connect in Password Hash Synchronization (PHS), Pass-through Authentication (PTA), and federation for your AZ-500 exam.

Question

Azure AD Connect is used to configure which of the following identity models?

A. Synchronized and Federated
B. Synchronized
C. Cloud only
D. All the above

Answer

A. Synchronized and Federated

Explanation

The correct answer is A because Azure AD Connect is the tool designed specifically to establish a hybrid identity by connecting an on-premises Active Directory with Azure Active Directory. It is fundamental for implementing both Synchronized and Federated identity models.

Both the Synchronized and Federated models leverage Azure AD Connect; the Cloud-only model does not.

Azure AD Connect Overview

Azure AD Connect (now branded Microsoft Entra Connect, as Azure AD itself is now Microsoft Entra ID) is a Microsoft tool that integrates your on-premises Active Directory Domain Services (AD DS) with Azure Active Directory (Azure AD). Its core purpose is to synchronize identity objects (users, groups, contacts) from the on-premises directory to the cloud and to configure a sign-in method (PHS, PTA, or federation) so that users can use one set of credentials across both environments.

Synchronized Identity Model

This model involves replicating identity objects from the on-premises directory to Azure AD. Azure AD Connect is essential for this process and enables several sign-on methods.

  • Password Hash Synchronization (PHS): Azure AD Connect synchronizes a derivative of the user’s on-premises password hash to Azure AD. The raw NT hash is never sent: the sync agent re-hashes it with a per-user salt and PBKDF2-HMAC-SHA256 before transmission, so the value stored in the cloud cannot be replayed against on-premises AD. Users sign in with the same credentials for on-premises and cloud resources, with authentication occurring entirely in the cloud, which means sign-in keeps working even when the on-premises environment is unreachable. Microsoft recommends enabling PHS as a backup even when PTA or federation is the primary method, since it also powers leaked-credential detection in Azure AD Identity Protection.
  • Pass-through Authentication (PTA): With PTA, Azure AD Connect installs a lightweight authentication agent on-premises. When a user signs in, Azure AD encrypts the credential and queues it for the agent, which retrieves it over an outbound-only connection and validates the password against the on-premises AD DS in real time; the password is never stored in the cloud. Because authentication depends on the agents being available, deploy at least three agents on separate servers for high availability. This model requires Azure AD Connect for both synchronization and authentication.
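The PHS bullet above says the cloud never receives the raw NT hash. The following Python is an added example, not code from the original page or from Microsoft, that models the transform as Microsoft's public PHS documentation describes it: the NT hash (MD4 over the UTF-16LE password, the value in AD's unicodePwd attribute) is expanded to its 32-character hex form, re-encoded as 64 bytes of UTF-16LE, then run through PBKDF2-HMAC-SHA256 with a 10-byte per-user salt and 1,000 iterations; the 32-byte result plus salt and iteration count is what is sent to Azure AD. Details the documentation leaves open (lowercase hex, the salt entering PBKDF2 as its salt parameter) and all function names are assumptions of this example. MD4 is implemented in pure Python because recent OpenSSL builds disable it.

```python
"""Model of Azure AD Connect Password Hash Synchronization (PHS).

Added example; names and byte-level details below are assumptions, not
Microsoft's implementation. Shows why a leaked synced value is not a
pass-the-hash credential for on-premises AD.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

MASK = 0xFFFFFFFF
PHS_ITERATIONS = 1000   # documented PBKDF2 iteration count
PHS_SALT_LEN = 10       # documented per-user salt length in bytes


def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); needed because OpenSSL 3 hides md4 in the legacy provider."""
    msg = bytearray(data)
    bit_len = (8 * len(data)) & 0xFFFFFFFFFFFFFFFF
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)

    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z

    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):  # round 1: words in order, shifts 3,7,11,19
            a = _rol((a + f(b, c, d) + X[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: words 0,4,8,12,1,5,..., shifts 3,5,9,13
            k = (i % 4) * 4 + i // 4
            a = _rol((a + g(b, c, d) + X[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: words 0,8,4,12,2,10,..., shifts 3,9,11,15
            k = (0, 8, 4, 12)[i % 4] + (0, 2, 1, 3)[i // 4]
            a = _rol((a + h(b, c, d) + X[k] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a0, b0, c0, d0 = (a0 + a) & MASK, (b0 + b) & MASK, (c0 + c) & MASK, (d0 + d) & MASK
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """The NT hash AD stores in unicodePwd: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def phs_derive(nt: bytes, salt: bytes, iterations: int = PHS_ITERATIONS) -> bytes:
    """Connector-side transform: 16-byte NT hash -> 32 hex chars -> 64 bytes UTF-16LE -> PBKDF2."""
    expanded = nt.hex().encode("utf-16-le")  # assumption: lowercase hex
    assert len(expanded) == 64
    return hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)


def sync_password(password: str, salt: Optional[bytes] = None) -> dict:
    """What the sync agent would transmit: derived hash, salt and iteration count. Never the NT hash."""
    salt = os.urandom(PHS_SALT_LEN) if salt is None else salt
    return {"hash": phs_derive(nt_hash(password), salt), "salt": salt, "iterations": PHS_ITERATIONS}


def cloud_verify(record: dict, candidate: str) -> bool:
    """Cloud-side check: redo the transform on the candidate and compare in constant time."""
    derived = phs_derive(nt_hash(candidate), record["salt"], record["iterations"])
    return hmac.compare_digest(record["hash"], derived)


if __name__ == "__main__":
    rec = sync_password("password")
    print("NT hash      :", nt_hash("password").hex())
    print("synced value :", rec["hash"].hex(), "salt:", rec["salt"].hex())
    print("correct pw   :", cloud_verify(rec, "password"))
    print("wrong pw     :", cloud_verify(rec, "Password"))
```

The point to take from running it: the synced value differs from the NT hash, is bound to a random salt, and costs 1,000 PBKDF2 rounds per guess, so an attacker who obtains it from the cloud side still cannot authenticate to on-premises AD with it and cannot cheaply crack it offline. The reverse is not true: an on-premises NT hash is enough to derive the synced value, which is why domain controllers remain the more sensitive asset.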

Federated Identity Model

In a federated model, Azure AD Connect is still used to synchronize identity objects from the on-premises AD DS to Azure AD. The key difference is that authentication is delegated to a separate, trusted on-premises identity provider, such as Active Directory Federation Services (AD FS). When a user signs in to an Azure AD-integrated application, Azure AD redirects the authentication request to the federation server, which authenticates the user against AD DS and returns a signed token that Azure AD accepts. Although AD FS handles the authentication, Azure AD Connect is commonly used to deploy AD FS and configure the federation trust for the domain, and it remains required to keep the identity information in Azure AD current with the on-premises directory. Two practitioner caveats follow from this design: the federation server's token-signing key becomes the root of trust for every cloud sign-in and must be protected at least as strictly as a domain controller, and cloud sign-in fails whenever the federation service is unavailable, so Microsoft recommends enabling PHS alongside federation as a fallback.

Cloud-Only Identity Model

This model involves users that are created and managed exclusively within Azure AD. These identities have no link to an on-premises directory, and their passwords are stored and verified only in the cloud. Since there is no on-premises environment to synchronize from, Azure AD Connect is not used in a cloud-only identity architecture. This makes option C incorrect, and option D incorrect because it includes C.
