Learn how to efficiently integrate your Active Directory and Azure AD tenant while ensuring password policies and user logon limitations are enforced. Discover the benefits of using pass-through authentication and seamless SSO with password hash synchronization.
Table of Contents
Question
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.
Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.
Does the solution meet the goal?
A. Yes
B. No
Answer
A. Yes
Explanation
The solution of using pass-through authentication and seamless SSO with password hash synchronization meets the goal of integrating Active Directory and the Azure AD tenant. Pass-through authentication allows users to sign in to both on-premises and cloud-based applications using the same passwords, without storing the passwords in the cloud. Pass-through authentication validates users’ passwords directly against the on-premises Active Directory, which means that password policies and user logon restrictions are enforced for user accounts that are synced to the Azure AD tenant. Seamless SSO automatically signs users in when they are on their corporate devices connected to the corporate network, without requiring them to type their passwords or usernames. Seamless SSO works with any method of cloud authentication, such as pass-through authentication or password hash synchronization. Password hash synchronization is a feature that synchronizes the hash values of users’ passwords from the on-premises Active Directory to the Azure AD tenant. Password hash synchronization can be used as a backup for pass-through authentication in case of any service outage or network issues. Password hash synchronization also enables users to complete self-service password management tasks in the cloud.
By using pass-through authentication and seamless SSO with password hash synchronization, you can achieve a secure and seamless integration of Active Directory and the Azure AD tenant, while reducing the number of required servers. You do not need any additional components on-premises, such as a federation server or a proxy server, to make this solution work. You only need to install a lightweight agent on one or more on-premises servers to communicate with Azure AD. The agent only makes outbound connections from your network, so you do not need to open any inbound ports on your firewall.
Reference
- Azure > Active Directory > Hybrid identity > Choose the right authentication method for your Azure Active Directory hybrid identity solution
The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
