Microsoft Azure Security Technologies — Question 53

You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.
You create a new Azure subscription.
You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription.
You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.
What should you do fist?

Answer options

• A. Configure the Azure AD tenant used by the new subscription to use pass-through authentication.
• B. Configure the Azure AD tenant used by the new subscription to use federated authentication.
• C. Change the Azure AD tenant used by the new subscription.
• D. Configure a second instance of Azure AD Connect.

Correct answer: C

Explanation

The correct answer is C, as changing the Azure AD tenant used by the new subscription allows for proper role assignments to the synced user accounts. Options A and B involve authentication methods that do not address the issue of role assignment, while option D would unnecessarily complicate the setup without resolving the underlying tenant issue.