← Designing Microsoft Azure Infrastructure Solutions (AZ-305)

Free Preview

Question 1 of 5

An enterprise architect must design an identity solution for a multinational corporation that has 50,000 employees spread across 12 subsidiaries. Each subsidiary currently runs its own on-premises Active Directory domain. The requirement is to provide seamless single sign-on (SSO) to Azure-hosted SaaS applications while maintaining each subsidiary's existing local authentication infrastructure. Password hash synchronization must NOT be used due to regulatory constraints. Which solution best satisfies these requirements?

Deploy Azure AD Connect with Password Hash Synchronization for all 12 subsidiaries, using separate Azure AD tenants per subsidiary federated to a parent tenant. Deploy Azure AD Connect with Pass-through Authentication (PTA) agents in each subsidiary, synchronized into a single Azure AD tenant, enabling SSO without storing password hashes in the cloud. Configure Azure AD B2B collaboration for all 12 subsidiaries, inviting each subsidiary's users as guest accounts into a central Azure AD tenant. Deploy Active Directory Federation Services (AD FS) farms in each subsidiary and federate each farm directly to a separate Azure AD tenant per subsidiary.

This is a free preview. Create an account to access all 380 questions.

Free Preview

We use cookies

Cookie Settings

Essential Cookies Always Active

Analytics Cookies

Advertising Cookies