Explore Identity Synchronization

Question 1

Define cloud-only identities

Answer 1

The user identity only exists in the cloud. All password management and policy control are done through Azure AD.

Question 2

What Azure AD authentication option uses a software agent running on an on-premises server to validate the user in Active Directory?

Answer 2

Pass-Through Authentication (PTA)

Question 3

True or false: With PTA, users can only sign into their Microsoft 365 resources using their on-premises account and password?

Answer 3

False

Question 4

What synchronization service does SSO work with to provide authentication?

Answer 4

Active Directory Federation Services

Question 5

What is the key difference between PTA and SSO?

Answer 5

SSO requires another proxy server because AD FS Server isn’t allowed to accept public connections.

Question 6

What is the primary purpose of on-premises Active Directory?

Answer 6

Scalable, secure, and manageable infrastructure for user and resource management using access control at the object level.

Question 7

What is an Azure AD resource?

Answer 7

Any logical object: permissions, apps, services, Sharepoint sites, on-premises resources, etc.

Question 8

Whether on-premises, cloud, or hybrid what are the default permissions provided to a new user?

Answer 8

The least amount of privilege, especially no administrator privileges.

Question 9

List the three types of user provisioning.

Answer 9

1. On-premise only
2. Cloud-only
3. Hybrid

Question 10

What technology facilitates hybrid user provisioning?

Answer 10

Azure AD Connect

Question 11

Which Microsoft 365 provisioning option do companies prefer when they want more administrative versatility and another disaster recovery backup option?

Answer 11

Hybrid

Question 12

Explain Azure AD write back

Answer 12

The process of directory synchronization that begins in the cloud and synchs “down” to the on-premises directory.

Question 13

What was Azure AD Connect called before?

Answer 13

• Windows Azure AD Synchronization

- DirSync

Question 14

Three parts of ____________

1. Synchronization services
2. ADFS (optional)
3. Monitoring

Answer 14

Azure AD Connect

Question 15

True or False:

Licenses are automatically assigned in Microsoft 365 when Azure AD connect synchronizes objects from Active Directory?

Answer 15

False

Question 16

Are all Active Directory attributes synchronized to Microsoft 365 through Azure AD Connect?

Answer 16

No

Question 17

Scenarios supported by ____________

1. Multiple Active Directory forests
2. Multiple Exchange organizations to one 365 tenant

Answer 17

Azure AD Connect

Question 18

What is the single source of authority when using Azure AD Connect?

Answer 18

Active Directory on-premises

Question 19

Explain this Azure AD Connect feature:

Exchange hybrid deployment.

Answer 19

Used to implement an Exchange hybrid deployment with one or multiple on-premises Exchange organizations.

Question 20

Explain this Azure AD Connect feature:

Exchange mail-enabled public folders

Answer 20

Synchronizes mail-enabled public folder objects from on-premises Active Directory to Azure AD.

Question 21

Azure AD Connect provides which of the following features?

• Migrates Exchange public folders from your on-premises organization to Exchange Online
• Password writeback that enables your users to change and reset their passwords in the cloud and have your on-premises password policy applied
• Determines the on-premises domain suffixes, identifies whether any domains are already verified with Microsoft 365, and validates the appropriate DNS records

Answer 21

Password writeback that enables your users to change and reset their passwords in the cloud and have your on-premises password policy applied

Question 22

Azure AD Connect includes an optional group writeback feature. Group writeback writes groups from Azure AD to on-premises Active Directory. Which type of groups can be written back from Azure AD to your on-premises Active Directory?

Answer 22

Microsoft 365 groups