Exam AZ-800 All QuestionsBrowse all questions from this exam
Go to Exam
Question 53

HOTSPOT

-

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.

The domain controllers do NOT have internet connectivity.

You plan to implement Azure AD Password Protection for the domain.

You need to deploy Azure AD Password Protection agents. The solution must meet the following requirements:

• All Azure AD Password Protection policies must be enforced.

• Agent updates must be applied automatically.

• Administrative effort must be minimized.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
RickySmith

Azure AD Password Protection agent - Only DC1 and DC2. Agents need to be on full DC's as RODC's cannot process all password changes. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy#read-only-domain-controller-considerations Azure AD Password Protection Proxy - Server1 -Needs to be on Member Server only -Not compatible with RODC. -Not compatible with AAD App Proxy. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy#microsoft-entra-connect-agent-updater-prerequisites

Krayzr

True. found on RickySmith's link . Warning Microsoft Entra Password Protection proxy and Microsoft Entra application proxy install different versions of the Microsoft Entra Connect Agent Updater service, which is why the instructions refer to Application Proxy content. These different versions are incompatible when installed side by side and doing so will prevent the Agent Updater service from contacting Azure for software updates, so you should never install Microsoft Entra Password Protection Proxy and Application Proxy on the same machine.

lucacose

Install Azure AD Password Protection -> Only DC1 and DC2 WHY? RODCs are not supported Install Azure AD Password Protection Proxy -> Server1 WHY? You can't install AAD Password Protection PROXY (Now Microsoft Entra Password Proxy)in a server with Azure AD Application Connector proxy Look for the prerequisite at this page: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy

Jools_SP

Incorrect answer. Microsoft Entra Password Protection proxy and Microsoft Entra application proxy install different versions of the Microsoft Entra Connect Agent Updater service, which is why the instructions refer to Application Proxy content. These different versions are incompatible when installed side by side and doing so will prevent the Agent Updater service from contacting Azure for software updates, so you should never install Microsoft Entra Password Protection Proxy and Application Proxy on the same machine.

Payday123

Is it a new question?