Exam MS-102 topic 1 question 91 discussion

I would choose A. According to the MS documentation: "Does password hash synchronization act as a fallback to Pass-through Authentication? No. Pass-through Authentication does not automatically failover to password hash synchronization. To avoid user sign-in failures, you should configure Pass-through Authentication for high availability." https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta-faq#does-password-hash-synchronization-act-as-a-fallback-to-pass-through-authentication- Therefore, without any admin actions, authentication won't be possible for any user until the admin make some changes on the tenant.

B. Cloud user won't be affected. Why? Because Pass-through auth is ON for the on-prem soured users. Password Hash Sync is not an auto-fallback kind of a thing. Therefore, those users cannot authenticate without some work on the configuration to enable it, since the authentication happens on-prem.

B is true. PTA doesn't fallback automatically to Password Hash. Since user1 is a cloud only user, user 1 will still be able to login.

My selection is B User 1 only. Direct authentication requires the local network to be available.

The users have been synched then connection to on prem was lost . So you cant log in to on prem but can you log in to the cloud . The question asks “You need to identify which users will be able to authenticate by using Azure AD if connectivity between on-premises Active Directory and the internet is lost. Which users should you identify?” So yes you will be able to log in to azure and seeing the creds for all three users have been synched previously then I would choose D

Lost connection

L'utilisateur 1 uniquement. L'authentification directe nécessite que le réseau local soit disponible or le hachage dee mot de passe crypte les mots de passes et les stocke dans l' entra id

PTA works for synced users only. Cloud-native users always use Entra ID for authentication, even if PTA is enabled.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/choose-ad-authn

https://www.reddit.com/r/Office365/comments/zqmfho/passthrough_authentication_and_password_hash/

Initially i thought User1 and User2 but then realised that a change would be needed to switch to PHS. User1 being cloud only wouldnt be impacted so answer is B.

Chat GPT say only User1 because in the event of a connectivity loss between on-premises Active Directory and the internet, User1 will be able to authenticate using Azure AD because they are cloud-native and have the necessary authentication methods enabled. User2 may face authentication issues as they rely on on-premises AD DS for authentication, and User3 is not provisioned in Azure AD, so they won't be able to authenticate through Azure AD.

Hash Sync syncs every 2 min, so if on prem communication is down i would not think that the authentication will happen

Vote for B

Correct Answer B, Cloud User won't be affected. Tested on my lab.

User1 is a cloud only user, no ? So i think he will be able to authenticate by Azure AD. So B for me.

it Should be A