Reduce Prompted Passwords for Microsoft 365 & Azure Services | Configuration Guide


Question

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant by using password hash synchronization.

You have a Microsoft 365 subscription.

All devices are hybrid Azure AD-joined.

Users report that they must enter their password manually when accessing Microsoft 365 applications.

You need to reduce the number of times the users are prompted for their password when they access Microsoft 365 and Azure services.

What should you do?

Answers

Explanations


A. B. C. D.

C

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

The issue reported by the users indicates that they have to enter their passwords multiple times when accessing Microsoft 365 applications and Azure services. This may be due to the authentication mechanism used by Azure AD and the on-premises AD DS domain. To reduce the number of times users are prompted for their password, single sign-on (SSO) can be used.

SSO allows users to access multiple resources using a single set of credentials. In this case, SSO can be used together with either pass-through authentication or password hash synchronization as the sign-in method. Since the scenario already uses password hash synchronization, selecting the "Enable single sign-on (SSO)" option in Azure AD Connect is the recommended approach.

Option A is incorrect because a Conditional Access policy only controls access to specific applications based on predefined conditions. It does not solve the problem of multiple password prompts.

Option B is incorrect because creating an autodiscover record in the DNS zone of the AD DS domain only helps with email client configuration. It does not help to reduce the number of times users are prompted for their passwords.

Option D is incorrect because pass-through authentication is an alternative way of achieving SSO, but it requires more configuration and infrastructure. Enabling SSO through Azure AD Connect is a simpler and recommended approach.

Therefore, the correct answer is C. From Azure AD Connect, enable single sign-on (SSO).