Microsoft Azure Security Technologies (AZ-500)


Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!



What authentication method allows integration of an on-premises Active Directory with Azure Active Directory while ensuring that password policies apply to user accounts?

  1. Federated identity with Active Directory Federation Services (AD FS)

  2. Password hash synchronization with seamless single sign-on (SSO)

  3. Pass-through authentication with seamless single sign-on (SSO)

  4. Application Proxy authentication

The correct answer is: Password hash synchronization with seamless single sign-on (SSO)

The authentication method that allows the integration of an on-premises Active Directory with Azure Active Directory while ensuring that password policies apply to user accounts is password hash synchronization with seamless single sign-on (SSO). This method works by synchronizing user passwords from the on-premises Active Directory to Azure Active Directory in a hashed format. This means that users can leverage their existing passwords to access Azure services while the security posture related to those passwords remains intact as per the on-premises policies. The seamless SSO feature provides users with a smooth login experience, allowing them to access Azure resources without repeatedly entering their credentials, thus improving usability.

In contrast, other methods like federated identity with Active Directory Federation Services (AD FS) require additional infrastructure and configuration to support SSO but can lead to complexities in managing password policies. Pass-through authentication also allows users to log in with their on-premises password, but it does not synchronize password hashes, which means it doesn't inherently apply the same password policies of the Active Directory environment in the same way. Application Proxy authentication is primarily focused on enabling secure remote access to on-premises applications, rather than directly managing user authentication and SSO across Azure Active Directory and on-premises Active Directory.