ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 47 discussion

Actual exam question from Microsoft's MS-100
Question #: 47
Topic #: 4
[All MS-100 Questions]

Your network contains an on-premises Active Directory domain. The domain contains 2,000 computers that run Windows 10.
You purchase a Microsoft 365 subscription.
You implement password hash synchronization and Azure Active Directory (Azure AD) Seamless Single Sign-On (Seamless SSO).
You need to ensure that users can use Seamless SSO from the Windows 10 computers.
What should you do?

  • A. Create a conditional access policy in Azure AD.
  • B. Deploy an Azure AD Connect staging server.
  • C. Join the computers to Azure AD.
  • D. Modify the Intranet zone settings by using Group Policy
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by banditben86 at Jan. 10, 2021, 6:40 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
banditben86
Highly Voted 4 years, 3 months ago
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start D is correct
upvoted 9 times
...
Startkabels
Highly Voted 2 years, 5 months ago
Selected Answer: D
I thought C but hey, I'm a flexible guy you know!
upvoted 5 times
Khattak3143
8 months, 2 weeks ago
Wish Microsoft were so flexible on the exams too
upvoted 1 times
...
...
Amir1909
Most Recent 1 year, 2 months ago
D is correct
upvoted 1 times
...
Sironin
2 years, 4 months ago
Selected Answer: D
"You implement password hash synchronization and Azure Active Directory (Azure AD) Seamless Single Sign-On (Seamless SSO)." This tells me we've already done everything we need to do with syncing things to Azure. So if there's a remaining obstacle, it can only be D.
upvoted 1 times
...
L33D
3 years, 5 months ago
Selected Answer: D
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start#why-do-you-need-to-modify-users-intranet-zone-settings Why do you need to modify users' Intranet zone settings? By default, the browser automatically calculates the correct zone, either Internet or Intranet, from a specific URL. For example, http://contoso/ maps to the Intranet zone, whereas http://intranet.contoso.com/ maps to the Internet zone (because the URL contains a period). Browsers will not send Kerberos tickets to a cloud endpoint, like the Azure AD URL, unless you explicitly add the URL to the browser's Intranet zone.
upvoted 5 times
...
TimurKazan
3 years, 7 months ago
it clearly states that device doesn't need to be Azure AD joined, but should be AD joined, so I would go with D
upvoted 3 times
...
samjohnjohn
3 years, 8 months ago
C also seems feasible.
upvoted 3 times
tochno
3 years, 8 months ago
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start It says that "The device doesn't need to be Azure AD Joined" D is correct.
upvoted 1 times
...
...
melatocaroca
3 years, 10 months ago
Answer Can be C or D, IMHO, Better answer C SSO via PRT works once devices are registered with Azure AD for hybrid Azure AD joined, Azure AD joined or personal registered devices via Add Work or School Account. For more information on how SSO works with Windows 10 using PRT https://blog.matrixpost.net/azure-active-directory-seamless-single-sign-on-and-primary-refresh-token-prt/
upvoted 3 times
...
ErikNLH
4 years, 3 months ago
This might be true. but C is also right. For Windows 10, the recommendation is to use Azure AD Join for the optimal single sign-on experience with Azure AD.
upvoted 3 times
exaja
3 years, 11 months ago
The device has to be joined to your Active Directory domain, but it doesn't need to be Azure AD Joined. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start#step-4-test-the-feature
upvoted 1 times
Fcnet
3 years, 9 months ago
this is wrong the device need to be azure ad joined otherwise Sso won't work, tested and validated with a support case too so the answer is C & D both are needed without SCP and without azure ad joined Sso won't work https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains#prerequisites
upvoted 1 times
Eggsamine
3 years, 6 months ago
Wrong The device is joined to your Active Directory domain. The device doesn't need to be Azure AD Joined. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start#:~:text=The%20device%20is%20joined%20to%20your%20Active%20Directory%20domain.%20The%20device%20doesn%27t%20need%20to%20be%20Azure%20AD%20Joined.
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago