User Accounts in Azure Stack Hub Integrated System using AD FS
Question
You have an Azure Stack Hub Integrated System that uses Active Directory Federation Services (AD FS) as an identity provider.
Which of the following statements are true about user accounts? (Select all that are applicable)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.Correct Answers: A, C and E
User accounts are created for authenticating the individuals through a user ID and password.
How you create or manage the users and groups depends upon the identity solution you utilize.
Option A is correct.
User accounts are created in username@domain format.
Option B is incorrect.
Active Directory Federation Services (AD FS) does not support \<domain>\<alias> format.
Option C is correct.
User accounts can be set up to utilize multi-factor authentication.
Option D is incorrect.
User accounts can't be set up to utilize multi-factor authentication.
Option E is correct.
User accounts are limited to the organization's directory which is the directory they first register.
Option F is incorrect.
User accounts can be imported from the on-premise directory.
To know more about user accounts in Azure Stack Hub, please visit the below-given link:
In an Azure Stack Hub Integrated System that uses Active Directory Federation Services (AD FS) as an identity provider, the following statements are true about user accounts:
A. User accounts are created in username@domain format: This statement is not entirely accurate. User accounts in Azure AD are typically created in the format of username@domain.onmicrosoft.com. However, if the Azure AD tenant is synchronized with an on-premises Active Directory using Azure AD Connect, then the user accounts in Azure AD will be created in the same format as they are in the on-premises Active Directory, which could be username@domain or some other format.
B. User accounts are created in <domain><alias> format: This statement is not correct. This format is not used to create user accounts in Azure AD.
C. User accounts can be set up to utilize multi-factor authentication: This statement is true. Azure AD supports multi-factor authentication (MFA) for user accounts, which provides an additional layer of security beyond just a username and password. MFA can be configured to require a phone call, text message, or mobile app notification in addition to the user's password.
D. User accounts can't be set up to utilize multi-factor authentication: This statement is false, as mentioned in the previous statement.
E. User accounts are limited to the directory where they first register: This statement is not accurate. User accounts in Azure AD can be members of multiple directories, which can be either Azure AD directories or on-premises Active Directory domains that are synchronized with Azure AD.
F. User accounts can't be imported from the on-premise directory: This statement is not correct. User accounts from an on-premises Active Directory can be synchronized with Azure AD using Azure AD Connect. This synchronization allows the user accounts to be used for authentication and authorization in Azure AD.
In summary, the correct statements are:
- User accounts can be set up to utilize multi-factor authentication.
- User accounts from an on-premises Active Directory can be synchronized with Azure AD using Azure AD Connect.
