Examice

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.

• User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.

Does this meet the goal?

Correct Answer: A

Password hash synchronization allows users to authenticate to Microsoft 365 services using the same credentials they use for on-premises Active Directory. If Active Directory becomes unavailable, users can still authenticate to Microsoft 365 services using the last synchronized password hash stored in Azure AD. This meets the requirement that users must be able to authenticate successfully even if Active Directory is unavailable. Additionally, password length and complexity policies can be enforced in Active Directory, satisfying the requirement for passwords to be at least 10 characters long. Therefore, implementing password hash synchronization and modifying the password settings in the Default Domain Policy addresses both goals.