Microsoft Azure Architect Design (AZ-304) Practice Test

What is the primary purpose of installing and configuring an on-premises Active Directory Federation Services (AD FS) server in an Azure environment?

• A. To establish a trust relationship with Azure AD
• B. To manage user authentication entirely on-premises
• C. To improve on-premises performance
• D. To migrate all resources to Azure

The correct answer is: To establish a trust relationship with Azure AD

The primary purpose of installing and configuring an on-premises Active Directory Federation Services (AD FS) server in an Azure environment is to establish a trust relationship with Azure Active Directory (Azure AD). This integration allows for Single Sign-On (SSO) capabilities, enabling seamless access to both on-premises applications and cloud services. By leveraging AD FS, organizations can authenticate users against their existing on-premises Active Directory while enabling those users to access Azure resources without needing multiple sets of credentials. The trust relationship facilitates secure authentication and provides a federated identity solution that enhances user experience and streamlines identity management across hybrid environments. The other choices, while relevant to AD FS or Azure environments, do not capture the core function of establishing a trust relationship. Managing user authentication entirely on-premises diminishes the benefits of leveraging cloud services and can hinder users' access. Improving on-premises performance does not directly relate to the primary role of AD FS in a hybrid setup. Likewise, migrating all resources to Azure is a broader architectural decision that may not specifically pertain to the AD FS's function of federating identities and authentication.