Topic 5, Implement and manage federated identities (single sign-on [SSO])
DRAG DROP
Contoso Ltd. plans to use Office 365 services for collaboration between departments. Contoso has one Active Directory Domain Services domain named contoso.local. You deploy Azure AD Connect.
You plan to implement single sign-on (SSO) for Office 365.
You need to synchronize only the user accounts that have valid routable domain names and are members of specified departments.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
The domain we want to federate must be registered as a public internet domain with a domain registrar or within our own public DNS servers. We cannot use contoso.local as it is not routable outside of the intranet. We can then use Active Directory Domains and Trusts to add user principal name (UPN) suffixes to the domain. The default UPN suffix is the Domain Name System (DNS) name of the domain that contains the user account, here contoso.local. We can add contoso.com as an alternative UPN suffix for logon processes.
We should then use Active Directory Users and Computers to change the UPN of user accounts in the specified departments to contoso.com.
Finally, we can use user attribute-based filtering to exclude all users that have non-routable domain names, i.e., those that have contoso.local as their UPN suffix.
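The first two steps above can also be carried out with the ActiveDirectory PowerShell module instead of the GUI consoles. This is an added example, not part of the original question or its answer; the department names are placeholders, and the Azure AD Connect filter itself is still configured in Azure AD Connect, so the last block only lists the accounts that filter would exclude.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and rights to
# modify the forest and the user accounts.
Import-Module ActiveDirectory

$OldSuffix   = 'contoso.local'        # non-routable suffix from the scenario
$NewSuffix   = 'contoso.com'          # routable suffix from the scenario
$Departments = @('Sales', 'Finance')  # assumption: placeholder department names

# Step 1: add the routable UPN suffix to the forest if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# Step 2: move users in the specified departments to the new suffix.
foreach ($dept in $Departments) {
    Get-ADUser -Filter "Department -eq '$dept'" -Properties Department |
        Where-Object { $_.UserPrincipalName -like "*@$OldSuffix" } |
        ForEach-Object {
            $prefix = ($_.UserPrincipalName -split '@')[0]
            $newUpn = '{0}@{1}' -f $prefix, $NewSuffix

            # A UPN must be unique; skip the account if the target is taken.
            if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
                Write-Warning "Skipping $($_.SamAccountName): $newUpn is already in use"
            }
            else {
                # -WhatIf only reports the change; remove it to apply.
                Set-ADUser -Identity $_ -UserPrincipalName $newUpn -WhatIf
            }
        }
}

# Step 3 check: accounts that still carry the non-routable suffix, which are
# the ones the attribute-based filter is meant to keep out of synchronization.
Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -Properties Department |
    Select-Object SamAccountName, UserPrincipalName, Department
```

Reviewing the final listing before enabling synchronization shows whether any account in a specified department was missed and would be filtered out unintentionally.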