Configuring and Operating Microsoft Azure Virtual Desktop - Synchronization Options for AD DS and Azure AD

Synchronization Options for AD DS and Azure AD

Question

Synchronizing an AD DS (Active Directory Domain Services) environment with Azure AD (Azure Active Directory) helps you establish consistent user logins, so that users can use the same credentials to access their resources in AVD (Azure Virtual Desktop) and other Microsoft cloud services.

Which of the following are available synchronization options? (Select all that are applicable)

Answers

A. Password Hash Sync

B. Pass-through Authentication

C. Pass-forward Authentication

D. Windows Hello for Business

E. All the above

Explanations

Correct Answers: A and B

The various available synchronization methods are:

Password Hash Sync: This method synchronizes usernames and hashes of passwords with Azure AD.

Pass-through Authentication: This authentication option allows your on-premises directory service to perform simple authentication for Microsoft cloud services, requiring very little on-premises configuration.

Active Directory Federation Services: This is a more complex option that supports partner federation, RSA tokens, and Smart Card authentication.

With this option, you need to provision extra on-premises servers and ensure their availability.

Option A is correct.

Password Hash Sync is a valid synchronization method.

Option B is correct.

Pass-through Authentication is a valid, available authentication method.

Option C is incorrect.

Pass-forward Authentication is not a valid authentication method.

Option D is incorrect.

Windows Hello for Business isn't a synchronization option for Azure Active Directory.

It is based on PIN and biometric logins that use asymmetric public-private key pairs (PKI) instead of a shared secret, such as a password.

Option E is incorrect.

Pass-forward Authentication and Windows Hello for Business are not valid synchronization options.

To know more about how to migrate from federation to cloud authentication, please visit the below-given link:

When it comes to synchronizing an on-premises AD DS environment with Azure AD, there are different options available to choose from. These synchronization options are used to enable a consistent user login experience for accessing resources in Azure Virtual Desktop (AVD) and other Microsoft cloud services. Let's take a closer look at the synchronization options mentioned in the question:

A. Password Hash Sync (PHS): This option synchronizes password hashes from on-premises AD DS to Azure AD. When a user attempts to log in, the password is validated by comparing the hash in Azure AD against the hash stored in AD DS. This option provides a simple and secure way of syncing passwords without exposing plain text passwords.

B. Pass-through Authentication (PTA): With PTA, the user credentials are validated against the on-premises AD DS rather than storing password hashes in Azure AD. This option allows users to authenticate using their on-premises credentials without the need for password synchronization.

C. Pass-forward Authentication: Pass-forward Authentication (PFA) is a new feature in Azure AD Connect that allows authentication requests to be forwarded from Azure AD to on-premises AD DS. This option provides a way to authenticate users to on-premises resources through Azure AD.

D. Windows Hello for Business (WHfB): This option provides a secure way of authentication using biometrics or PIN. Users can use their Windows Hello credentials to access Azure AD and other Microsoft cloud services, including AVD.

E. All the above: All the synchronization options mentioned above are available for synchronizing an on-premises AD DS environment with Azure AD.

In summary, the synchronization options available for synchronizing an on-premises AD DS environment with Azure AD include Password Hash Sync, Pass-through Authentication, Pass-forward Authentication, and Windows Hello for Business. Depending on the organization's security and authentication requirements, one or more of these options can be chosen to enable consistent user logins to access AVD and other Microsoft cloud services.