Exam MS-102 topic 1 question 192 discussion

YES NO NO If password writeback is disabled, the password policies in Azure AD and on-premises Active Directory will be enforced independently. By default, the Azure AD password policy requires users to change their passwords every 90 days. However, if you have a hybrid environment and are synchronizing passwords from on-premises Active Directory to Azure AD, the on-premises password policy will apply to your users. In this case, the password expiration period will be determined by your on-premises Active Directory policy settings, not by Azure AD. If you want to enforce a consistent password expiration policy for both on-premises and cloud users, you should configure the password policies in both environments to have the same settings. https://www.examtopics.com/discussions/microsoft/view/48898-exam-ms-100-topic-3-question-69-discussion/

whoever created the answer to this question should be fired

1. Yes, the user is synchronized. 2. No, Password WriteBack is disabled, so the password must be changed in Active Directory, if the user changes the password in the My Apps portal, it will be overridden by the password from AD in the next ADDC sync process. 3. No, if you configure Entra Connect with Password Hash Synchronization (Express Settings), the app will apply the PasswordNeverExpires policy for each user, unless you had configured the "CloudPasswordPolicyForPasswordSyncedUsersEnabled" prior to setup of Entra Connect. This is only seen by PowerShell, even if you have unchecked "Set passwords to never expire (recommended)" in the Admin Center. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization

Hello, Accordin to link below, you must enabble CloudPasswordPolicyForPasswordSyncedUsersEnabled before cloud Pasword can apply to Synced User. this feature is not enabled here therefore the answer is no https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization

YES,NO, NO the writeback is disabled

In today exam

1. Yes, the user is synced. 2. No, the password must be changed in Active directory, if the user change the password in the My Apps portal, it will be overridden by the password from AD in the next ADDC sync process 3. No, The expiration period comes from Active directory, the policy to expire 90 days in Azure AD doesn't apply. For users synced from on-premises, the password policy is inherited from AD and the policies from Azure AD don't apply.

Yes i can verify we don't buy the licensing for SSPR writeback but passwords still expire. Password expire = Y

Question states, Azure Pword Policy has set password expiry to 90 days. So YNY, Yes you must change the Azure password. It will not sync back to AD, but still must be changed in Azure. Correct?

Because " Password writeback is disabled." YNN