Microsoft 365 Identity and Services (legacy) — Question 91

Your network contains an Active Directory domain.

You have an Azure Active Directory (Azure AD) tenant that has Security defaults enabled.

Azure AD Connect is configured for directory synchronization. Password hash synchronization and pass-through authentication are disabled.

You need to enable Azure AD Identity Protection to detect leaked credentials.

What should you do first?

Answer options

• A. From the Azure Active Directory admin center, disable Security defaults.
• B. From Azure AD Connect, enable pass-through authentication.
• C. From the Azure Active Directory admin center, configure verifiable credentials.
• D. From Azure AD Connect, enable password hash synchronization.

Correct answer: D

Explanation

The correct answer is D because enabling password hash synchronization is a prerequisite for using Azure AD Identity Protection. Options A, B, and C do not address the requirements for detecting leaked credentials and would not enable the necessary features for Azure AD Identity Protection.