Azure AD Connect Strategy for Leaked Credentials Detection | Microsoft Exam MS-500

Utilizing Leaked Credentials Detection in Azure AD Identity Protection

Question

You are planning an AD Connect strategy to utilize leaked credentials detection in Azure AD Identity Protection.

What must you enable?

Answers

A. Password writeback
B. Device writeback
C. Password hash synchronization
D. Pass-through authentication

Correct Answer: C

Password Hash Sync enables the Azure AD Identity Protection leaked credentials feature, which monitors public web sites and the dark web for username/password pairs from malicious sites.

Option A is incorrect.

Password writeback is a feature within Azure AD Connect that allows password changes in the cloud to be written back to an on-premises directory.

Option B is incorrect.

Device writeback is a feature within Azure AD Connect that synchronizes devices registered in Azure AD back to the on-premises directory.

Option D is incorrect.

Pass-through authentication does not support detection of users with leaked credentials.

To utilize leaked credentials detection in Azure AD Identity Protection, you need to enable Password hash synchronization (PHS) in AD Connect.

Password hash synchronization is a feature of AD Connect that synchronizes password hashes from on-premises Active Directory to Azure Active Directory. When PHS is enabled, password changes made in on-premises Active Directory are synchronized to Azure AD. Azure AD Identity Protection uses these synchronized password hashes to detect whether any of them have been exposed in a data breach or through other unauthorized access.

Option A, Password writeback, is not required for utilizing leaked credentials detection in Azure AD Identity Protection. Password writeback allows for password changes made in Azure AD to be written back to on-premises Active Directory.

Option B, Device writeback, is also not required for this scenario. Device writeback allows for device objects in Azure AD to be written back to on-premises Active Directory.

Option D, Pass-through authentication, is not relevant to this scenario either. Pass-through authentication is a feature that allows for authentication requests to be passed directly to on-premises Active Directory, without the need for password synchronization or any other credentials to be stored in the cloud.

Therefore, the correct answer is C, Password hash synchronization.
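A simplified model of why leaked credentials detection needs Password hash synchronization and cannot work with pass-through authentication alone, as an added example that is not Microsoft's implementation or part of the original page: the cloud can only test a leaked username/password pair against a value derived from the user's current password. The derivation (SHA-256 as a stand-in for the on-premises hash, then salted PBKDF2), the `CloudDirectory` class, its method names and the sample accounts are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # assumed work factor for this model


def on_prem_hash(password: str) -> bytes:
    # Stand-in for the hash held in on-premises AD (assumption: SHA-256).
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def synced_value(password: str, salt: bytes) -> bytes:
    # What a sync agent would upload: a salted, stretched hash of the hash.
    return hashlib.pbkdf2_hmac("sha256", on_prem_hash(password), salt, ITERATIONS)


class CloudDirectory:
    def __init__(self):
        self.synced = {}  # UPN -> (salt, derived value); filled only by PHS

    def sync_password_hash(self, upn: str, password: str) -> None:
        salt = os.urandom(10)
        self.synced[upn.lower()] = (salt, synced_value(password, salt))

    def check_leak(self, leaked_pairs):
        # Return the UPNs whose current password matches a leaked pair.
        at_risk = []
        for upn, leaked_password in leaked_pairs:
            record = self.synced.get(upn.lower())
            if record is None:
                continue  # no synced hash (PTA only): nothing to compare
            salt, stored = record
            if hmac.compare_digest(stored, synced_value(leaked_password, salt)):
                at_risk.append(upn.lower())
        return at_risk


# Constructed sample data: a leaked dump and two tenants.
LEAKED = [("alice@example.test", "Winter2023!"), ("bob@example.test", "old-pass")]

phs_tenant = CloudDirectory()
phs_tenant.sync_password_hash("alice@example.test", "Winter2023!")  # reused
phs_tenant.sync_password_hash("bob@example.test", "rotated-S3cret")  # changed

pta_tenant = CloudDirectory()  # pass-through authentication: no hashes synced

print(phs_tenant.check_leak(LEAKED))  # ['alice@example.test']
print(pta_tenant.check_leak(LEAKED))  # []
```

In the model, the account whose password was rotated after the leak is not flagged, and the tenant without synchronized hashes cannot flag anyone.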