Microsoft Azure Security Technologies (AZ-500)

Choosing which authentication method allows users to have single sign-on experiences while considering local security policies?

• A. Pass-through authentication
• B. Federated identity
• C. Password hash synchronization
• D. Multi-factor authentication

The correct answer is: Password hash synchronization

The correct choice involves an understanding of how different authentication methods function in relation to single sign-on (SSO) experiences and local security policies. Password hash synchronization is designed to synchronize user passwords from on-premises Active Directory to Azure Active Directory. This allows users to access various cloud services seamlessly without re-entering their credentials, enabling a single sign-on experience. With password hash synchronization, when a user logs in, their password hash is checked against Azure AD, allowing for a unified login experience across services. This mechanism supports local security policies by maintaining the integrity of the password policy set within the on-premises environment while still granting the benefits of SSO. Understanding SSO is crucial here; it’s a key component of user experience in enterprise services, and password hash synchronization facilitates this while still adhering to the security policies defined locally. This ensures users can authenticate once and access multiple services without repeated authentication prompts, thus improving productivity and security management. In contrast, alternative methods like pass-through authentication and federated identity systems, while providing secure authentication proxies to users, might not offer the same level of integration and uniformity without extra configuration and management. Multi-factor authentication, while enhancing security, does not inherently provide single sign-on capabilities by itself; rather, it adds