You configure federated authentication on your Azure subscription for multiple applications. As a part of that work, you enable Home Realm Discovery and set the policy as shown in the exhibit.
The majority of your users can successfully access the application, but several users report that they are unable to sign in.
You need to resolve the problem.
What are two ways to resolve the problem? Each correct answer presents a complete solution.
You should either add the users to the federated.example.edu domain or disable Home Realm Discovery to allow users to log in to any domain.
Home Realm Discovery redirects users to a specific federated login endpoint to accelerate the Azure login process. When multiple domains are in play, users may be blocked from logging in if the configuration is not correct. In this example, users cannot log in to Azure, and the policy indicates that Home Realm Discovery is enabled with a preferred domain of federated.example.edu. Because a preferred domain is specified, every user of the application must be able to log in to that domain. Clearly they cannot at this point. One possible solution is to add these users to the federated.example.edu domain to enable them to log in. A second solution would be to disable Home Realm Discovery to allow users to log in to any domain.
You should not change the AllowCloudPasswordValidation property to false. This will not allow a non-preferred domain user to log in if a preferred domain is set. It only allows a user with a synchronized password hash to log in directly to an Azure AD endpoint.
You should not change the PreferredDomain property to the domain that the users who cannot log in are from. This will fix the problem for the users who cannot log in, but will subsequently block access for the users who can currently log in.
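The reasoning above can be checked mechanically. The following is an added example, not part of the original question or of any Microsoft tooling: it applies the explanation's simplified model to a constructed policy and constructed users, and reports who stays blocked under each of the four candidate changes. The user names, the second domain, and the modelling of "disable Home Realm Discovery" as setting AccelerateToFederatedDomain to false are assumptions.

```python
import json

# Constructed policy, modelled on the scenario; the exhibit is not reproduced here.
# AccelerateToFederatedDomain is the real HRD policy switch, not named on this page.
POLICY = json.dumps({"HomeRealmDiscoveryPolicy": {
    "AccelerateToFederatedDomain": True, "AllowCloudPasswordValidation": True,
    "PreferredDomain": "federated.example.edu"}})

# Constructed sample users (hypothetical names and second domain).
USERS = ["ana@federated.example.edu", "raj@federated.example.edu",
         "li@other.example.edu"]

def domain(upn):
    return upn.rsplit("@", 1)[-1].lower()

def blocked_users(policy_json, upns):
    """UPNs that cannot sign in under the explanation's model: acceleration on
    plus a preferred domain sends everyone to that domain's federated endpoint."""
    p = json.loads(policy_json)["HomeRealmDiscoveryPolicy"]
    preferred = (p.get("PreferredDomain") or "").lower()
    if not p.get("AccelerateToFederatedDomain") or not preferred:
        return []
    return [u for u in upns if domain(u) != preferred]

def with_change(policy_json, **changes):
    doc = json.loads(policy_json)
    doc["HomeRealmDiscoveryPolicy"].update(changes)
    return json.dumps(doc)

def evaluate_options(policy_json, upns):
    """Blocked users now and after each of the four candidate changes."""
    preferred = json.loads(policy_json)["HomeRealmDiscoveryPolicy"]["PreferredDomain"]
    blocked = blocked_users(policy_json, upns)
    moved = [u.rsplit("@", 1)[0] + "@" + preferred if u in blocked else u for u in upns]
    other = domain(blocked[0]) if blocked else preferred
    return {
        "current": blocked,
        "add users to preferred domain": blocked_users(policy_json, moved),
        "disable Home Realm Discovery": blocked_users(
            with_change(policy_json, AccelerateToFederatedDomain=False), upns),
        "AllowCloudPasswordValidation=false": blocked_users(
            with_change(policy_json, AllowCloudPasswordValidation=False), upns),
        "PreferredDomain=blocked users' domain": blocked_users(
            with_change(policy_json, PreferredDomain=other), upns),
    }

if __name__ == "__main__":
    for option, still_blocked in evaluate_options(POLICY, USERS).items():
        print(f"{option}: {still_blocked or 'nobody blocked'}")
```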