Examice

Exam MS-102 All QuestionsBrowse all questions from this exam

Question 91

You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.

Azure AD Connect has the following settings:

Password Hash Sync: Enabled -

Pass-through authentication: Enabled

You need to identify which users will be able to authenticate by using Azure AD if connectivity between on-premises Active Directory and the internet is lost.

Which users should you identify?

none

User1 only

User1 and User2 only

User1, User2, and User3

Correct Answer: B

In a hybrid deployment with Azure AD Connect, users who are sourced from Azure AD can still authenticate using Azure AD if the connectivity between on-premises Active Directory and the internet is lost. In this scenario, User1 is the only user sourced from Azure AD, meaning they are not reliant on on-premises infrastructure for authentication. Users sourced from Active Directory Domain Services (AD DS), such as User2 and User3, will not be able to authenticate because they rely on on-premises AD for authentication, and password hash synchronization does not automatically provide a fallback for pass-through authentication. Therefore, only User1 will be able to authenticate using Azure AD when connectivity is lost.

Discussion

certma2023Option: A

I would choose A. According to the MS documentation: "Does password hash synchronization act as a fallback to Pass-through Authentication? No. Pass-through Authentication does not automatically failover to password hash synchronization. To avoid user sign-in failures, you should configure Pass-through Authentication for high availability." https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta-faq#does-password-hash-synchronization-act-as-a-fallback-to-pass-through-authentication- Therefore, without any admin actions, authentication won't be possible for any user until the admin make some changes on the tenant.

amurp35

Correct, except for cloud-only users. Therefore, the correct answer is B.

mikl

But how come user 2 can't sign in? Passwords are hashed in the Cloud for user 2 - so should be able to logon no?

amurp35Option: B

B. Cloud user won't be affected. Why? Because Pass-through auth is ON for the on-prem soured users. Password Hash Sync is not an auto-fallback kind of a thing. Therefore, those users cannot authenticate without some work on the configuration to enable it, since the authentication happens on-prem.

ae88d96Option: B

Correct Answer B, Cloud User won't be affected. Tested on my lab.

AMDfOption: B

Vote for B

nordbymikaelOption: B

PTA works for synced users only. Cloud-native users always use Entra ID for authentication, even if PTA is enabled.

TP447Option: B

Initially i thought User1 and User2 but then realised that a change would be needed to switch to PHS. User1 being cloud only wouldnt be impacted so answer is B.

MoreCertificatesForMeOption: B

Hash Sync syncs every 2 min, so if on prem communication is down i would not think that the authentication will happen

Greatone1Option: A

A is correct answer Fail over to password hash synchronization doesn't happen automatically and you must use Azure AD Connect to switch the sign-on method manually.

Kmkz83510

True, but user1 is a cloud only user, and is not dependent on Pass Through Auth/AD

blairskimoOption: D

The users have been synched then connection to on prem was lost . So you cant log in to on prem but can you log in to the cloud . The question asks “You need to identify which users will be able to authenticate by using Azure AD if connectivity between on-premises Active Directory and the internet is lost. Which users should you identify?” So yes you will be able to log in to azure and seeing the creds for all three users have been synched previously then I would choose D

angra01Option: B

Lost connection

MarcMouelleOption: B

L'utilisateur 1 uniquement. L'authentification directe nécessite que le réseau local soit disponible or le hachage dee mot de passe crypte les mots de passes et les stocke dans l' entra id

Tomtom11

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/choose-ad-authn

Tomtom11

https://www.reddit.com/r/Office365/comments/zqmfho/passthrough_authentication_and_password_hash/

SnakadOption: B

Chat GPT say only User1 because in the event of a connectivity loss between on-premises Active Directory and the internet, User1 will be able to authenticate using Azure AD because they are cloud-native and have the necessary authentication methods enabled. User2 may face authentication issues as they rely on on-premises AD DS for authentication, and User3 is not provisioned in Azure AD, so they won't be able to authenticate through Azure AD.

CarineOption: B

User1 is a cloud only user, no ? So i think he will be able to authenticate by Azure AD. So B for me.

gomezmaxOption: A

it Should be A

nsotis28Option: A

For sure A certman2023 has shared explanation