Question 105 of 267 from exam AZ-303: Microsoft Azure Architect Technologies

Question

HOTSPOT

You need to design an authentication solution that will integrate on-premises Active Directory and Azure Active Directory (Azure AD). The solution must meet the following requirements:

-> Active Directory users must not be able to sign in to Azure AD-integrated apps outside of the sign-in hours configured in the Active Directory user accounts.

-> Active Directory users must authenticate by using multi-factor authentication (MFA) when they sign in to Azure AD-integrated apps.

-> Administrators must be able to obtain Azure AD-generated reports that list the Active Directory users who have leaked credentials.

-> The infrastructure required to implement and maintain the solution must be minimized.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Explanations

Box 1: Pass-through Authentication with Azure AD Seamless SSO

Azure AD Seamless SSO versus Active Directory Federation Services

Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use Azure AD Pass-through Authentication.

You can combine Pass-through Authentication with the Seamless Single Sign-On feature.

Note: Azure AD supports the following authentication methods for hybrid identity solutions.

-> Azure AD password hash synchronization

-> Azure AD Pass-through Authentication

Box 2: Azure MFA

One key benefit with Azure AD Pass-through Authentication is that it works seamlessly with Azure MFA.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn