ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 236 discussion

Actual exam question from Microsoft's MS-102
Question #: 236
Topic #: 1
[All MS-102 Questions]

HOTSPOT
-


Overview
-

Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.

Litware collaborates with a third-party company named A. Datum Corporation.


Environment
-


On-Premises Environment
-

The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.



The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.


Cloud Environment
-

Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses.

The subscription contains a verified DNS domain named litware.com.

Azure AD Connect is installed and has the following configurations:

• Password hash synchronization is enabled.
• Synchronization is enabled for the LitwareAdmins OU only.

Users are assigned the roles shown in the following table.



Self-service password reset (SSPR) is enabled.

The Azure AD tenant has Security defaults enabled.


Problem Statements
-

Litware identifies the following issues:

• Admin1 cannot create conditional access policies.
• Admin4 receives an error when attempting to use SSPR.
• Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.


Requirements
-


Planned Changes
-

Litware plans to implement the following changes:

• Implement Microsoft Intune.
• Implement Microsoft Teams.
• Implement Microsoft Defender for Office 365.
• Ensure that users can install Office 365 apps on their device.
• Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES.
• Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.


Technical Requirements
-

Litware identifies the following technical requirements:

• Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions.
• Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company.
• Litware users must be able to invite A. Datum users to participate in the following activities:
• Join Microsoft Teams channels.
• Join Microsoft Teams chats.
• Access shared files.
• Just in time access to critical administrative roles must be required.
• Microsoft 365 incidents and advisories must be reviewed monthly.
• Office 365 service status notifications must be sent to Admin2.
• The principle of least privilege must be used.


You need to ensure that Admin4 can use SSPR.

Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by jakke91 at Oct. 6, 2023, 12:31 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
northgaterebel
Highly Voted 1 year, 6 months ago
Enable password writeback Azure AD Connect Password writeback must first be enabled in AD Connect. https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr-writeback
upvoted 27 times
BigO76
3 months, 3 weeks ago
answers correct... its not Entra because while Entra can enable and manage SSPR policies, it cannot enable Password Writeback. This is strictly configured through Azure AD Connect.
upvoted 1 times
...
...
Tr619899
Most Recent 6 months, 3 weeks ago
1. Action: Enable Password Writeback – this is necessary to allow password changes in Azure AD to be written back to the on-premises Active Directory. 2. Tool: Azure AD Connect – Password writeback is configured using Azure AD Connect, enabling synchronization between on-premises AD and Azure AD for password resets.
upvoted 3 times
...
b2be347
7 months, 1 week ago
To enable password writeback in SSPR, complete the following steps: Sign in to the Microsoft Entra admin center as Global Administrator. Browse to Protection > Password reset, then choose On-premises integration. Check the option for Write back passwords to your on-premises directory . (optional) If Microsoft Entra Connect provisioning agents are detected, you can additionally check the option for Write back passwords with Microsoft Entra Connect cloud sync. Check the option for Allow users to unlock accounts without resetting their password to Yes. When ready, select Save. Tool: Microsoft Entra ADMIN CENTER https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr-writeback
upvoted 1 times
...
APK1
8 months, 2 weeks ago
Azure AD Connect is the correct answer - why Azure AD Connect is wrong here?
upvoted 1 times
...
APK1
8 months, 2 weeks ago
Azure AD Connect is the correct answer - why Azure AD Connect is wrong here?
upvoted 1 times
...
de0e20a
11 months, 3 weeks ago
So the answer is correct: Action is enable password write back, and Tool is Microsoft Entra admin center, here is why.... So this one is really a stupid gotcha, it has to do with timelines and how Microsoft words things in their documentation. As of August 15, 2023 Azure AD Sync became Microsoft Entra Connect same application same configurations but new shiny name to go along with the renaming of Azure AD to Microsoft Entra ID. Because of the MS102 test being released in September 9th of the same year, Ther is no Azure AD connect. And if you go through the guide on how to setup password write back there is a section on how to properly setup Enable password writeback for SSPR. Which is done in Enter admin center. https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr-writeback
upvoted 2 times
...
KerrAvon
1 year, 1 month ago
The descriptive states that Self-service password reset (SSPR) is enabled - this is the part in Entra admin. So the writeback now needs to be enabled in Entra Connect (AADC)
upvoted 1 times
...
MvdSpoel
1 year, 5 months ago
Answers are Enable password writeback and Azure AD Connect. Please not that Azure AD Connect is also named Microsoft Entra Connect
upvoted 3 times
...
Greatone1
1 year, 6 months ago
https://www.examtopics.com/discussions/microsoft/view/107026-exam-ms-100-topic-13-question-1-discussion/
upvoted 2 times
...
Greatone1
1 year, 6 months ago
Correct answers are enable password write back and azure ad connect
upvoted 4 times
...
jakke91
1 year, 6 months ago
Trick question as I would have normally said AADConnect, but: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
upvoted 2 times
spectre786
1 year, 6 months ago
Could you please comment on all questions from 122 to 236, only when there is no existing comment already ? Thank you for your help.
upvoted 1 times
...
CheMetto
1 year, 5 months ago
Nope! By default, Microsoft Entra ID enables self-service password reset for admins. They're required to use two authentication methods to reset their password. For more information, see Administrator reset policy differences. https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr It's AADConnect the answer.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago