Exam AZ-800 topic 1 question 11 discussion

Actual exam question from Microsoft's AZ-800
Question #: 11
Topic #: 1

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.

You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?

  • A. Select the Configure Hybrid Azure AD join option.
  • B. Change the scope of Group1 and Group2 to Global.
  • C. Clear the Configure device writeback option.
  • D. Change the scope of Group2 to Universal.
Suggested Answer: A

Comments

edykss
Highly Voted 2 years, 7 months ago
Given answer is correct.
upvoted 11 times
ltkiller
2 months, 3 weeks ago
This one was tough! Seen about 10 installations, none of them had the option. The option comes AFTER you configured AD Connect; open it again to configure it. This will allow devices to be synced to Azure AD. @13:08 https://www.youtube.com/watch?v=ohFGjg7-cr4 Domain Local groups are not synced, they are ignored, so it must be set to universal. So yeah, 2 options here: what's worse, missing 1 group that may not be able to convert to Universal, or all your devices? Go with A!
upvoted 1 times
...
...
syu31svc
Highly Voted 2 years, 1 month ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device Answer is A
upvoted 6 times
...
monisshk
Most Recent 9 months ago
Selected Answer: A
This question is valid. Exam date - 27-07-2024
upvoted 2 times
...
boapaulo
1 year, 4 months ago
Why not D? To ensure that all objects can be used in Conditional Access policies, you must change the scope of Group2 to Universal. Universal security groups can be used anywhere in the forest domain, and can include global users and groups from any domain in the forest. Therefore, changing the scope of Group to Universal will allow it to be used in Conditional Access policies. Also, it's important to remember that to use Conditional Access, you need an Azure AD Premium license. Azure AD Premium licenses also include features that allow you to change passwords in the cloud and write the changes to your on-premises AD DS. https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync
upvoted 1 times
...
fran199
1 year, 11 months ago
Selected Answer: A
A... Given answer is correct.
upvoted 1 times
...
SuradjBajaj
2 years, 2 months ago
Correct! Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.
upvoted 1 times
...
ant_12
2 years, 3 months ago
Hybrid Azure AD join Allows computer accounts in the on-premises AD DS forest to register with Azure AD. Configuring this option allows you to use features including conditional access in Azure. Thomas, Orin. Exam Ref AZ-800 Administering Windows Server Hybrid Core Infrastructure (3570357) (p. 63). Pearson Education. Kindle Edition.
upvoted 5 times
...
Lu5ck
2 years, 4 months ago
Selected Answer: C
The concept of "writeback" is "Azure-to-onPremises". Hybrid Azure join, on the other hand, is "onPremises-to-Azure". "Conditional access" is an Azure feature, not available on premises. Thus, to access such a feature, it has to be "azure-to-onPremise", aka writeback.
upvoted 3 times
Lu5ck
2 years, 4 months ago
Reading it again, C says "<Clear> the Configure device writeback option" but we need to enable it. Therefore, A is the only sensible answer. Sorry about this.
upvoted 9 times
...
...
[Removed]
2 years, 5 months ago
I think the correct answer is C. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-options "Device writeback: Device writeback is used to enable Conditional Access based on devices to AD FS (2012 R2 or higher) protected devices" https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises "The following prerequisites are required before you can begin with on-premises conditional access. To enable device write-back for on premises conditional access"
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other