Exam
Answer confirmed
Preamble
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Question
Which optional feature should you select in Azure AD Connect?
Proposed answer
- A. Device writeback
- B. Group writeback
- C. Azure AD app and attribute filtering
- D. Password writeback
- E. Directory extension attribute sync
Suggested answer
A. Device writeback
Correct answer
The suggested answer is correct
Device Writeback is used in the following scenarios:
- Enable Windows Hello for Business using hybrid certificate trust deployment
- Enable Conditional Access based on devices to ADFS (2012 R2 or higher) protected applications (relying party trusts).
This provides additional security and assurance that access to applications is granted only to trusted devices. For more information on Conditional Access, see Managing Risk with Conditional Access and Setting up On-premises Conditional Access using Microsoft Entra Device Registration.
empee1977
Highly Voted 1 year, 11 months ago
Selected Answer: A
Device writeback is an optional feature in Azure AD Connect that allows the on-premises AD DS domain to receive information about the Azure AD joined devices, including the device registration state. By enabling this feature, you can ensure that the on-premises AD DS domain has information about the Azure AD joined devices, which is required for Windows Hello for Business to function correctly. Once this information is available in the on-premises AD DS domain, you can set the appropriate policies and configure the required infrastructure to support Windows Hello for Business.
upvoted 9 times
RMKA_092
Highly Voted 2 years, 4 months ago
Selected Answer: A
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs
upvoted 5 times
xrisimix
2 years, 4 months ago
Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.
upvoted 4 times
stonwall12
Most Recent 2 days, 19 hours ago
Selected Answer: A
Answer: A, Device Writeback. This feature allows Windows Hello for Business credentials to be synchronized between on-premises Active Directory and Azure AD, enabling hybrid authentication scenarios.
upvoted 1 times
CM_81
2 months, 3 weeks ago
I can safely say that device writeback is NOT required for WHfB to work with Azure AD hybrid joined machines. I'm running this in multiple client environments with only hybrid config.
upvoted 1 times
MR_Eliot
1 year, 3 months ago
Selected Answer: A
Correct Answer is "A". Device registration: All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. >> For cloud only and hybrid deployment, the identity provider is Azure Active Directory <<. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role.
https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide#device-registration
upvoted 1 times
JohnIII
1 year, 5 months ago
Selected Answer: A
It needs to be A
upvoted 1 times
syu31svc
1 year, 9 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback Answer is A
upvoted 1 times
smol84
1 year, 9 months ago
The device writeback is correct!
upvoted 1 times
Duks
1 year, 9 months ago
A - device writeback 100%
upvoted 1 times
Robert69
2 years ago
Looking at the provided link indeed: Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.
upvoted 2 times
Vitu
2 years ago
Answer A: Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.
upvoted 2 times
Ciapek
2 years, 3 months ago
Selected Answer: A
Answer is A
upvoted 2 times
Justin0020
2 years, 3 months ago
Selected Answer: A
Answer is A, passwords have nothing to do with Hello for Business
upvoted 3 times
ScarfaceRecords
2 years, 3 months ago
Selected Answer: A
The hybrid-certificate trust deployment needs an Azure Active Directory premium subscription because it uses the device write-back synchronization feature.
upvoted 2 times
LOEG
2 years, 4 months ago
Answer is A
upvoted 4 times