Microsoft 365 Administrator — Question 132

Your network contains an Active Directory domain.

You have an Azure AD tenant that has Security defaults disabled.

Azure AD Connect is configured for directory synchronization. Password hash synchronization and pass-through authentication are disabled.

You need to enable Azure AD Identity Protection to detect leaked credentials.

What should you do first?

Answer options

• A. From Azure AD Connect, enable password hash synchronization.
• B. From the Microsoft Entra admin center, enable Security defaults.
• C. From the Microsoft Entra admin center, configure verifiable credentials.
• D. From Azure AD Connect, enable pass-through authentication.

Correct answer: A

Explanation

Enabling password hash synchronization is essential because Azure AD Identity Protection requires this feature to function effectively in detecting leaked credentials. The other options do not provide the necessary capabilities for identity protection in this scenario, as they either focus on different security aspects or are not related to credential leakage detection.