ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 34 discussion

Actual exam question from Microsoft's MS-100
Question #: 34
Topic #: 4
[All MS-100 Questions]

Your network contains an Active Directory domain named contoso.com.
All users authenticate by using a third-party authentication solution.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to recommend an identity strategy that meets the following requirements:
✑ Provides seamless SSO
✑ Minimizes the number of additional servers required to support the solution
✑ Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)
✑ Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account
You are evaluating the implementation of federation.
Which two requirements are met by using federation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. minimizes the number of additional servers required to support the solution
  • B. provides seamless SSO
  • C. stores the passwords of all the users in Azure AD
  • D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
When you choose this federation as the authentication method, Azure AD hands off the authentication process to a separate trusted authentication system, such as on-premises Active Directory Federation Services (AD FS), to validate the user's password. AD FS can use on-premise Active Directory as an authentication provider. AD FS can also provide SSO when using Active Directory as an authentication provider.
Incorrect Answers:
A: Additional servers are required to support the AD FS infrastructure.
C: The passwords are not synchronised to Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
by [deleted] at Aug. 11, 2020, 5:36 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 4 years, 8 months ago
Answer: B D Explanation When you choose this federation as the authentication method, Azure AD hands off the authentication process to a separate trusted authentication system, such as on-premises Active Directory Federation Services (AD FS), to validate the user's password. AD FS can use on-premises Active Directory as an authentication provider. AD FS can also provide SSO when using Active Directory as an authentication provider.
upvoted 21 times
...
Fegoseen
Highly Voted 4 years, 6 months ago
The only possible answer is B and D. A is obviously wrong as with federation you need more infrastructure compared to other authentication methods. C is another very wrong option as with federation authentication Azure AD hands off everything to the authentication agent installed on-premise. Answer is correct: B D
upvoted 7 times
...
One111
Most Recent 1 year, 7 months ago
Selected Answer: BD
ADFS offers kerberos SSO, seamless SSO is hybrid functionality offered with PHS or PtA. But this is probably just a typo.
upvoted 1 times
...
One111
2 years, 3 months ago
Selected Answer: D
It must be typo as adfs don't support Seamless SSO, just regular SSO based on kerberos.
upvoted 2 times
...
haazybanj
3 years, 6 months ago
I don't understand the question and answer options
upvoted 5 times
...
melatocaroca
3 years, 10 months ago
Correct Answer: B, D When you choose this federation as the authentication method, Azure AD hands off the authentication process to a separate trusted authentication system, such as on-premises Active Directory Federation Services (AD FS), to validate the user's password. AD FS can use on-premise Active Directory as an authentication provider. AD FS can also provide SSO when using Active Directory as an authentication provider. Incorrect Answers: A: Additional servers are required to support the AD FS infrastructure. C: The passwords are not synchronized to Azure AD. (Require agents on-premise DC) Password synchronization – Utilizes the password change notification service (PCNS) to capture password changes from Active Directory and propagate them to other connected data sources. Reference: https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn https://samilamppu.com/2019/01/04/from-adfs-to-password-hash-sync-and-seamless-sso/ https://docs.microsoft.com/en-us/microsoft-identity-manager/infrastructure/mim2016-password-management
upvoted 3 times
...
lucidgreen
4 years, 1 month ago
Two answers required. A&C are out.
upvoted 2 times
lucidgreen
4 years, 1 month ago
Don't be fooled by the imaginary misuse of the term "seamless". "Seamless SSO" is more of a branding/feature offering that uses a couple variations of an authentication technology, depending on the version of Windows. Different types of SSO can be "seamless" in their own ways.
upvoted 5 times
...
...
mkoprivnj
4 years, 4 months ago
B & D for sure!
upvoted 3 times
...
us3r
4 years, 4 months ago
https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/set-up-adfs-for-single-sign-on B is correct
upvoted 2 times
...
PersonT
4 years, 6 months ago
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods. Seamless SSO is not applicable to Active Directory Federation Services (ADFS). https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
upvoted 2 times
VTHAR
4 years, 6 months ago
Yes, that's right. B is incorrect. It must be C since ADFS requires additional server (recommended) which cross A out.
upvoted 2 times
...
HAdjerHY
4 years ago
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server
upvoted 1 times
TimurKazan
3 years, 7 months ago
thanks,mate, now AD FS can provide us with Seamless SSO
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago