Microsoft Azure Architect Design (2020, legacy) — Question 13

Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.
You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users.
What should you include in the solution?

Answer options

• A. password hash synchronization and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
• B. pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
• C. an Active Directory Federation Services (AD FS) server

Correct answer: A

Explanation

The correct answer is A because password hash synchronization allows users to authenticate even when the on-premises Active Directory is unavailable, while Azure AD Seamless SSO minimizes prompts. Option B, although it includes Azure AD Seamless SSO, relies on pass-through authentication, which requires connectivity to the on-premises directory. Option C does not meet the requirement for minimizing prompts and also necessitates a connection to the on-premises infrastructure.