You are planning an AD Connect strategy to utilize leaked credentials detection in Azure AD Identity Protection.
What must you enable?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: C
Password Hash Sync enables the Azure AD Identity Protection leaked credentials feature, who monitors public web sites and the dark web for username/passwords from malicious sites.
Option A is incorrect.
This feature within Azure AD Connect allows password changes in the cloud to be written back to an on-premise directory.
Option B is incorrect.
This feature within Azure AD Connect synchronizes devices registered in Azure AD back to on-premise.
Option D is incorrect.
Pass-through authentication does not support detection of users with leaked credentials.
To know more about Password hash synchronization, please refer to the link below:
If you want to use leaked credentials detection in Azure AD Identity Protection, you need to synchronize your on-premises Active Directory with Azure AD using AD Connect. AD Connect allows you to configure different authentication methods such as password hash synchronization, pass-through authentication, and federation.
Out of the given options, the answer is C, Password hash synchronization. This is because leaked credential detection requires that the password hash of user accounts in Active Directory be synchronized with Azure AD. Password hash synchronization ensures that the password hashes in Active Directory are securely synchronized with Azure AD, where Azure AD Identity Protection can analyze them for any signs of compromise.
Option A, Password writeback, is not required for leaked credential detection. Password writeback is used when you need to enable self-service password reset for cloud-only users.
Option B, Device writeback, is not required for leaked credential detection. Device writeback is used when you need to enable Hybrid Azure AD join, which allows your on-premises devices to be registered in Azure AD.
Option D, Pass-through authentication, is not required for leaked credential detection. Pass-through authentication is used when you want to authenticate your on-premises users directly against Active Directory, without syncing their password hashes to Azure AD. However, for leaked credential detection, you need to synchronize the password hashes to Azure AD so that Azure AD Identity Protection can analyze them.