Microsoft Identity and Access Administrator — Question 14
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication.
Does this meet the goal?
Answer options
- A. Yes
- B. No
Correct answer: A
Explanation
Configuring pass-through authentication allows user credentials to be validated against Active Directory in real-time. This means that once a user account is disabled in Active Directory, they will no longer be able to authenticate to Azure AD immediately, thus meeting the goal. On the other hand, not implementing this solution would result in potential delays in authentication status updates.