Microsoft Azure Architect Technologies (legacy) — Question 44
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single sign-on (SSO) to access Azure resources.
What should you do first?
Answer options
- A. From the on-premises network, deploy Active Directory Federation Services (AD FS).
- B. From Azure AD, add and verify a custom domain name.
- C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
- D. From the server that runs Azure AD Connect, modify the filtering options.
Correct answer: B
Explanation
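The correct answer is B. Adding and verifying a custom domain name in Azure AD helps resolve the UPN mismatch: when the on-premises UPN suffix is not a verified domain in Azure AD, synchronized accounts are given a UPN that ends with the default onmicrosoft.com domain. Once the custom domain is verified, users can sign in with their preferred domain instead of the onmicrosoft.com domain. Options A and C are not directly related to fixing the UPN mismatch, and option D does not address the core problem, which is the UPN inconsistency that prevents SSO.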