Exam AZ-800 topic 1 question 14 discussion

Device writeback is an optional feature in Azure AD Connect that allows the on-premises AD DS domain to receive information about the Azure AD joined devices, including the device registration state. By enabling this feature, you can ensure that the on-premises AD DS domain has information about the Azure AD joined devices, which is required for Windows Hello for Business to function correctly. Once this information is available in the on-premises AD DS domain, you can set the appropriate policies and configure the required infrastructure to support Windows Hello for Business.

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs

Answer: A, Device Writeback This feature allows Windows Hello for Business credentials to be synchronized between on-premises Active Directory and Azure AD, enabling hybrid authentication scenarios.

I can safely say that device writeback is NOT required for WHfB to work with Azure AD hybrid joined machines. I'm running this in multiple client environments with only hybrid config.

Correct Answer is "A". Device registration All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. >> For cloud only and hybrid deployment, the identity provider is Azure Active Directory <<. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide#device-registration

It needs to be A

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback Answer is A

The device writeback is correct!

A - device writeback 100%

Looking at the provided link indeed: Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.

Answer A: Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.

Aswer is A

Answer is A, passwords does nothing have to do with Hello for Business

The hybrid-certificate trust deployment needs an Azure Active Directory premium subscription because it uses the device write-back synchronization feature.

Answer is A