Explore Identity Synchronization Flashcards
Define cloud-only identities
The user identity only exists in the cloud. All password management and policy control are done through Azure AD.
What Azure AD authentication option uses a software agent running on an on-premises server to validate the user in Active Directory?
Pass-Through Authentication (PTA)
True or false: With PTA, users can only sign in to their Microsoft 365 resources using their on-premises account and password?
False
What synchronization service does SSO work with to provide authentication?
Active Directory Federation Services
What is the key difference between PTA and SSO?
SSO requires another proxy server because AD FS Server isn’t allowed to accept public connections.
What is the primary purpose of on-premises Active Directory?
Scalable, secure, and manageable infrastructure for user and resource management using access control at the object level.
What is an Azure AD resource?
Any logical object: permissions, apps, services, SharePoint sites, on-premises resources, etc.
Whether on-premises, cloud, or hybrid, what are the default permissions provided to a new user?
The least amount of privilege, especially no administrator privileges.
List the three types of user provisioning.
- On-premises only
- Cloud-only
- Hybrid
What technology facilitates hybrid user provisioning?
Azure AD Connect
Which Microsoft 365 provisioning option do companies prefer when they want more administrative versatility and another disaster recovery backup option?
Hybrid
Explain Azure AD write back
The process of directory synchronization that begins in the cloud and syncs “down” to the on-premises directory.
What was Azure AD Connect called before?
- Windows Azure AD Synchronization
- DirSync
Three parts of ____________
- Synchronization services
- ADFS (optional)
- Monitoring
Azure AD Connect
True or false: Licenses are automatically assigned in Microsoft 365 when Azure AD Connect synchronizes objects from Active Directory?
False
Are all Active Directory attributes synchronized to Microsoft 365 through Azure AD Connect?
No
Scenarios supported by ____________
- Multiple Active Directory forests
- Multiple Exchange organizations to one 365 tenant
Azure AD Connect
What is the single source of authority when using Azure AD Connect?
Active Directory on-premises
Explain this Azure AD Connect feature:
Exchange hybrid deployment.
Used to implement an Exchange hybrid deployment with one or multiple on-premises Exchange organizations.
Explain this Azure AD Connect feature:
Exchange mail-enabled public folders
Synchronizes mail-enabled public folder objects from on-premises Active Directory to Azure AD.
Azure AD Connect provides which of the following features?
- Migrates Exchange public folders from your on-premises organization to Exchange Online
- Password writeback that enables your users to change and reset their passwords in the cloud and have your on-premises password policy applied
- Determines the on-premises domain suffixes, identifies whether any domains are already verified with Microsoft 365, and validates the appropriate DNS records
Password writeback that enables your users to change and reset their passwords in the cloud and have your on-premises password policy applied
Azure AD Connect includes an optional group writeback feature. Group writeback writes groups from Azure AD to on-premises Active Directory. Which type of groups can be written back from Azure AD to your on-premises Active Directory?
Microsoft 365 groups