Microsoft Azure Architect Design (AZ-304) Practice Test

Which authentication method should you configure in Azure AD Connect to enable SSO for company users automatically?

• A. Pass-through authentication
• B. Federation with on-premises AD FS
• C. Password hash synchronization
• D. Conditional access policies

The correct answer is: Password hash synchronization

Password hash synchronization is the appropriate method to configure in Azure AD Connect to enable single sign-on (SSO) for company users automatically. This approach works by synchronizing the hashed version of users' passwords from the on-premises Active Directory to Azure Active Directory (Azure AD). When users log in to Azure AD, they authenticate using their synchronized password hashes, allowing for seamless access to cloud resources without requiring a separate password. This method is advantageous because it simplifies the user experience. Users can use the same credentials for both on-premises and cloud applications, fostering a more streamlined authentication process. Automatic SSO is achieved as users logged into their devices with their Active Directory credentials can access Azure services without another login prompt, enhancing productivity. Other options, while they also provide various authentication capabilities, do not inherently support automatic SSO in the same straightforward manner. For instance, pass-through authentication allows users to authenticate against the on-premises Active Directory without requiring password hashes to be stored in Azure. However, it may not provide the same seamless experience across applications as password hash synchronization does. Federation with on-premises Active Directory Federation Services (AD FS) provides SSO capabilities, but it requires more complex infrastructure and configuration than password hash synchronization. It is typically used