Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment.
The solution must meet the following requirements:
* Users must be able to authenticate during business hours only.
* Authentication requests must be processed successfully if a single server fails.
* When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
* Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that contains a pass-through authentication model. The solution contains two servers that have an Authentication Agent installed and password hash synchronization configured.
Does this meet the goal?
A . Yes
B . No
Answer: B
Explanation:
This solution meets the following goals:
✑ Users must be able to authenticate during business hours only.
✑ Authentication requests must be processed successfully if a single server fails.
✑ When the password for an on-premises user account expires, the new password
must be enforced the next time the user signs in.
However, the following goal is not met:
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
You would need to configure Single-sign on (SSO) to meet the last requirement.
Reference: https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
Leave a Reply