Enable Single Sign-On for Company Users with Azure AD and AD DS | Azure Exam AZ-301 Solution

Configure Single Sign-On for Company Users with Azure AD and AD DS

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.

Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.

You need to enable single sign-on (SSO) for company users.

Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.

Does the solution meet the goal?

Answers

Explanations

A. Yes
B. No

B

The proposed solution does not fully meet the goal of enabling single sign-on (SSO) for company users who are on their corporate desktops that are connected to the corporate network.

The solution involves configuring an AD DS server in an Azure virtual machine (VM) and configuring bidirectional replication. While this solution can help with providing a consistent directory experience for users and ensuring that AD DS domain services are available in Azure, it does not enable SSO for cloud apps.

To enable SSO for cloud apps, the Azure AD Connect tool can be used to establish a trust relationship between on-premises AD DS and Azure AD. This can be done by configuring pass-through authentication or federated authentication.

Pass-through authentication allows users to sign in to cloud apps using their on-premises credentials without the need for password synchronization or the use of different credentials. Federated authentication involves setting up a federation trust between Azure AD and an identity provider (such as AD FS or a third-party identity provider) to allow users to authenticate with their on-premises credentials and access cloud apps seamlessly.

In summary, while configuring an AD DS server in an Azure VM with bidirectional replication can help with providing a consistent directory experience for users and ensuring AD DS domain services are available in Azure, it does not fully meet the goal of enabling SSO for cloud apps. The appropriate solution would be to establish a trust relationship between on-premises AD DS and Azure AD using Azure AD Connect and to configure either pass-through or federated authentication. Therefore, the answer is B. No.