Azure Active Directory Hybrid Identity Solution for Uninterrupted Authentication

Minimizing Authentication Prompts in Azure AD Hybrid Identity Solution

Question

Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.

You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users.

What should you include in the solution?

Answers

Explanations

A. B. C.

A

With password hash synchronization and Seamless SSO, authentication takes place in the cloud.

Incorrect Answers:

Pass-through Authentication and federation rely on on-premises infrastructure.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

To ensure that users can authenticate even if the internet connection to the on-premises Active Directory is unavailable and to minimize authentication prompts for the users, the recommended solution is to use pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).

Option A (password hash synchronization and Azure AD Seamless SSO) will synchronize password hashes to Azure AD, but it will not allow users to authenticate if the internet connection to the on-premises Active Directory is unavailable.

Option C (an Active Directory Federation Services (AD FS) server) is an on-premises service that allows users to authenticate with Azure AD using their on-premises Active Directory credentials. However, AD FS requires an internet connection to function, so it does not meet the requirement to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable.

Pass-through authentication is a lightweight authentication method that does not require the synchronization of passwords to Azure AD. Instead, when a user signs in to an Azure AD-connected application, their on-premises credentials are validated by Azure AD via a secure connection. This method ensures that users can authenticate even if the internet connection to the on-premises Active Directory is unavailable.

Azure AD Seamless SSO provides a single sign-on experience for users. It allows users to access Azure AD-connected applications without having to enter their credentials multiple times. With Azure AD Seamless SSO, users are automatically signed in using their on-premises credentials when they are on their corporate network or when they are connected to a remote desktop using Remote Desktop Services.

Therefore, the correct answer is B (pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)).