Implement Self-Service Password Reset in Azure AD - Best Practices and Solutions

Ensuring a New Password Works for Resources in the AD DS Domain with SSPR

Question

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

You plan to implement self-service password reset (SSPR) in Azure AD.

You need to ensure that users who reset their passwords by using SSPR can use the new password to access resources in the AD DS domain.

What should you do?

Answers

Explanations


B

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

The correct answer is B. Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.

Explanation: To enable users to use their new password to access resources in the on-premises AD DS domain, the Password writeback feature needs to be enabled. Password writeback is a feature that allows password changes made by users in Azure AD to be written back to an on-premises AD DS environment. This means that when a user changes their password using SSPR in Azure AD, the new password is written back to the on-premises AD DS domain and can be used to authenticate to on-premises resources.

To enable Password writeback, you run the Microsoft Azure Active Directory Connect wizard and select the Password writeback option. This establishes a trusted writeback channel between the on-premises AD DS environment and Azure AD, so that password changes made in Azure AD are written back to the on-premises environment.

Option A is incorrect because the Azure AD Password Protection proxy service is used to prevent users from setting weak passwords. It is not required to enable Password writeback.

Option C is incorrect because granting the "Change password" permission to the Azure AD Connect service account is not sufficient to enable Password writeback.

Option D is also incorrect because granting the "Impersonate a client after authentication" user right to the Azure AD Connect service account is not related to Password writeback.
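As an added example (not part of the original question page and not Microsoft's own tooling), the following PowerShell verifies the two things the explanation above rests on: that Password writeback is actually switched on in Azure AD Connect, and that the AD DS connector account holds the permissions writeback needs in the domain (the reason the "Change password" permission in option C is not enough). It assumes the first function runs on the Azure AD Connect server with the ADSync module, the second on a domain-joined host with the ActiveDirectory RSAT module, and that `CONTOSO\MSOL_abc123` is a placeholder for your connector account. The required permission set (Reset Password, Unexpire Password, write pwdLastSet, write lockoutTime) is Microsoft's documented prerequisite for SSPR writeback, not something stated on the page; the `Enabled` property name on the connector configuration object is an assumption about the cmdlet's output.

```powershell
# Added example: verify SSPR password writeback prerequisites.
# Not code from the original page; see the lead-in for assumptions.

function Test-PasswordWritebackEnabled {
    # Runs on the Azure AD Connect server. Writeback is only effective when the
    # tenant feature flag AND the Azure AD connector's reset configuration agree.
    Import-Module ADSync -ErrorAction Stop

    # The Azure AD connector is named "<tenant>.onmicrosoft.com - AAD".
    $aadConnector = Get-ADSyncConnector | Where-Object { $_.Name -like '* - AAD' }
    if (-not $aadConnector) { throw 'No Azure AD connector found on this server.' }

    $tenantFlag = (Get-ADSyncAADCompanyFeature).PasswordWriteBack
    $connConfig = Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name

    [pscustomobject]@{
        Connector        = $aadConnector.Name
        TenantFeature    = [bool]$tenantFlag
        ConnectorEnabled = [bool]$connConfig.Enabled   # assumed property name
        WritebackReady   = ([bool]$tenantFlag -and [bool]$connConfig.Enabled)
    }
}

function Test-WritebackAccountPermissions {
    # Runs against the domain. Checks the domain-root ACL for the ACEs that
    # Azure AD Connect needs on user objects; "Change password" alone does not
    # appear in this list, which is why option C is insufficient.
    param(
        [Parameter(Mandatory)] [string] $ConnectorAccount   # placeholder: 'CONTOSO\MSOL_abc123'
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $rootDse  = Get-ADRootDSE
    $domainDN = $rootDse.defaultNamingContext

    # Resolve attribute and extended-right GUIDs from the schema/config partitions
    # at runtime instead of hard-coding them.
    $attrGuid = @{}
    foreach ($attr in 'pwdLastSet', 'lockoutTime') {
        $obj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
                            -LDAPFilter "(lDAPDisplayName=$attr)" -Properties schemaIDGUID
        $attrGuid[$attr] = [guid]$obj.schemaIDGUID
    }
    $rightGuid = @{}
    foreach ($right in 'Reset Password', 'Unexpire Password') {
        $obj = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
                            -LDAPFilter "(displayName=$right)" -Properties rightsGuid
        $rightGuid[$right] = [guid]$obj.rightsGuid
    }

    # Required set per Microsoft's SSPR writeback prerequisites (not on the page).
    $required = @(
        @{ Name = 'Reset Password (extended right)';    Right = 'ExtendedRight'; Guid = $rightGuid['Reset Password'] },
        @{ Name = 'Unexpire Password (extended right)'; Right = 'ExtendedRight'; Guid = $rightGuid['Unexpire Password'] },
        @{ Name = 'Write pwdLastSet';                   Right = 'WriteProperty'; Guid = $attrGuid['pwdLastSet'] },
        @{ Name = 'Write lockoutTime';                  Right = 'WriteProperty'; Guid = $attrGuid['lockoutTime'] }
    )

    # Only Allow ACEs for the connector account on the domain root are relevant.
    $aces = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
        $_.IdentityReference.Value -eq $ConnectorAccount -and $_.AccessControlType -eq 'Allow'
    }

    foreach ($req in $required) {
        $needed  = [System.DirectoryServices.ActiveDirectoryRights]$req.Right
        $granted = $aces | Where-Object {
            # An ACE satisfies the requirement if it carries the right for this
            # specific GUID, or for all objects/properties (empty ObjectType).
            (($_.ActiveDirectoryRights -band $needed) -eq $needed) -and
            ($_.ObjectType -eq $req.Guid -or $_.ObjectType -eq [guid]::Empty)
        }
        [pscustomobject]@{
            Permission = $req.Name
            Granted    = [bool]$granted
        }
    }
}

# Usage (placeholder account name):
# Test-PasswordWritebackEnabled
# Test-WritebackAccountPermissions -ConnectorAccount 'CONTOSO\MSOL_abc123'
```

Run the first function on the sync server after completing the wizard; a `WritebackReady` of `False` with `TenantFeature` `True` usually means the connector-level setting was never enabled. Run the second from any domain-joined admin host; any row reporting `Granted : False` will surface later as a failed writeback in the Azure AD Connect event log rather than as a visible error to the user resetting their password.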