Microsoft AZ-800 Exam - Topic 4 Question 12 Discussion

Actual exam question for Microsoft's AZ-800 exam

Question #: 12
Topic #: 4

You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

You plan to implement self-service password reset (SSPR) in Azure AD.

You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.

What should you do?

ADeploy the Azure AD Password Protection proxy service to the on premises network.

BRun the Microsoft Azure Active Directory Connect wizard and select Password writeback.

CGrant the Change password permission for the domain to the Azure AD Connect service account.

DGrant the impersonate a client after authentication user right to the Azure AD Connect service account.

Show Suggested Answer

Suggested Answer: B

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

by Lavera at Jun 28, 2022, 10:37 PM

Limited Time Offer

25%

Off

Get Premium AZ-800 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Raelene

4 months ago

Not sure if this will work as expected, sounds too simple.

upvoted 0 times

...

Enola

4 months ago

C might be needed too, but B is crucial for SSPR.

upvoted 0 times

...

Crista

4 months ago

Wait, I thought A was necessary for password protection?

upvoted 0 times

...

Isadora

4 months ago

I agree, B makes the most sense here.

upvoted 0 times

...

Lavonne

5 months ago

B is definitely the way to go for password writeback!

upvoted 0 times

...

Jacquelyne

5 months ago

I practiced a similar question where we had to set permissions for the Azure AD Connect service account, but I can't recall if it was about changing passwords or something else.

upvoted 0 times

...

Mozell

5 months ago

I think deploying the Azure AD Password Protection proxy service is more about enforcing password policies, not necessarily about SSPR functionality.

upvoted 0 times

...

Ricki

5 months ago

I remember something about password writeback being essential for SSPR to work with AD DS, but I'm not entirely sure if that's the only step needed.

upvoted 0 times

...

Anglea

5 months ago

I feel like granting the impersonate user right could be important, but I’m leaning towards option B since it directly mentions password writeback.

upvoted 0 times

...

Valentin

5 months ago

I feel pretty confident about this. The options cover the main points I'd expect to see, so I should be able to identify the two true statements.

upvoted 0 times

...

Shelia

5 months ago

Hmm, this one seems straightforward. I think the Account entity would be the best place to store the customer's Twitter profile details.

upvoted 0 times

...

Ming

5 months ago

I'm pretty confident about this one. SCIM is definitely used for provisioning and managing identity data, so I'll go with "Yes" on this.

upvoted 0 times

...

Bette

5 months ago

I'm not sure about the 'initializing' state either. It feels like it could be a valid reason for the primary node not working.

upvoted 0 times

...