Enable Users to Reset Passwords with Password Writeback | Microsoft 365 Security Administration Exam

Enable Users to Reset Passwords

Prev Question Next Question

Question

You are the administrator of a newly created Azure tenant on the Azure AD free tier.

You have installed and configured AD Connect on an on-premise server, and configured password hash synchronization as your password authentication method.

You have synchronized your users to Office 365

You wish to enable your users to reset their own passwords, so you enable the feature "Password writeback" in AD Connect configurations.

But users are still not able to reset their own passwords.

What must you do next to enable users to change their own passwords?

Answers

A. Create a dynamically assigned security group and add your users.

B. Upgrade Azure to a Premium Tier

C. Enable multi-factor authentication (MFA) for your users.

D. Change the “Number of methods required to reset” from 1 to 2.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B

Password change is supported in the Free tier, but password reset is not.

In order to enable the service, you must upgrade to a paid tier.

UPN Suffixes

‘The names ofthe current domain and the root domain are the default user
Principal name (UPN) suffixes. Adding atemative domain names provides
‘addtional lagon securty and simplfies user logon names.

|fyou want atemative UPN suftes to appear during user creation. add
them to the following ist

Option A is incorrect.

A dynamic security group use rules to determine group membership based on user or device properties.

Option C is incorrect.

MFA is not required to enable self-service password reset.

Your user will however have to register for password reset by going through an authentication method workflow.

Option D is incorrect.

You do not have to change number of methods to 2, although this would improve security.

To know more about Active Directory self-service password reset, please refer to the link below:

The correct answer to this question is B. Upgrade Azure to a Premium Tier.

Enabling "Password writeback" in AD Connect allows users to reset their passwords in Office 365 and have those changes synchronized back to the on-premises Active Directory. However, for users to be able to use this feature, they must have an Azure AD Premium license. Without an Azure AD Premium license, users will not be able to reset their own passwords.

The Azure AD free tier only provides basic features for managing user identities, such as user provisioning and password synchronization. However, it does not include premium features such as self-service password reset, which requires an Azure AD Premium license. Therefore, in order to enable users to reset their own passwords, the Azure subscription must be upgraded to a premium tier.

Option A, creating a dynamically assigned security group and adding users, is not relevant to this scenario as it does not address the issue of users not being able to reset their own passwords.

Option C, enabling multi-factor authentication (MFA) for users, is not required for users to reset their own passwords. While MFA can provide an additional layer of security for password reset, it is not necessary for the password writeback feature to work.

Option D, changing the "Number of methods required to reset" from 1 to 2, is not relevant to this scenario as it does not address the issue of users not being able to reset their own passwords. This option refers to a security setting in Azure AD self-service password reset, which requires users to authenticate with more than one method (such as a phone number and email address) in order to reset their password.

Prev Question Next Question