Azure AD Connect Configuration for Windows Hello for Business

Configure Azure AD Connect for Windows Hello for Business

Question

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

You have several Windows 10 devices that are Azure AD hybrid-joined.

You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.

Which optional feature should you select in Azure AD Connect?

Answers

D

Explanations

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs

To enable Windows Hello for Business on Windows 10 devices that are Azure AD hybrid-joined, you need to select the Device writeback option in Azure AD Connect. Device writeback is an optional feature of Azure AD Connect that writes device objects registered in Azure AD back to the on-premises Active Directory Domain Services (AD DS) domain.

When Device writeback is enabled, it provides the following benefits:

  1. Device object creation: Device objects are automatically created in the on-premises AD DS domain for devices that are registered in Azure AD.

  2. Windows Hello for Business: Windows Hello for Business can be enabled on Windows 10 devices by using the on-premises AD DS domain.

  3. Conditional Access: Conditional Access policies can be applied to devices that are registered in Azure AD.

To enable Device writeback in Azure AD Connect, follow these steps:

  1. Open the Azure AD Connect configuration wizard.

  2. On the Additional tasks page, select the Customize synchronization options option.

  3. On the Optional features page, select the Device writeback option.

  4. Complete the Azure AD Connect configuration wizard.

Note that Device writeback requires an Azure AD Premium P1 or P2 license, and the on-premises AD DS domain must be running at least Windows Server 2012 R2.