Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?
- A. Select the Configure Hybrid Azure AD join option.
- B. Change the scope of Group1 and Group2 to Global.
- C. Clear the Configure device writeback option.
- D. Change the scope of Group2 to Universal.
A. Select the Configure Hybrid Azure AD join option.
The selected answer is correct
Hybrid Azure AD join: Allows computer accounts in the on-premises AD DS forest to register with Azure AD. Configuring this option allows you to use features including conditional access in Azure. (Thomas, Orin. Exam Ref AZ-800 Administering Windows Server Hybrid Core Infrastructure (3570357) (p. 63). Pearson Education. Kindle Edition.)
edykss
Highly Voted 2 years, 2 months ago
Given answer is correct.
upvoted 11 times
syu31svc
Highly Voted 1 year, 8 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device
Answer is A
upvoted 6 times
monisshk
Most Recent 4 months ago
Selected Answer: A
This question is valid. Exam date - 27-07-2024
upvoted 1 times
boapaulo
12 months ago
Why not D? To ensure that all objects can be used in Conditional Access policies, you must change the scope of Group2 to Universal. Universal security groups can be used anywhere in the forest domain, and can include global users and groups from any domain in the forest. Therefore, changing the scope of Group to Universal will allow it to be used in Conditional Access policies. Also, it's important to remember that to use Conditional Access, you need an Azure AD Premium license. Azure AD Premium licenses also include features that allow you to change passwords in the cloud and write the changes to your on-premises AD DS.
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad
https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync
upvoted 1 times
fran199
1 year, 6 months ago
Selected Answer: A
A... Given answer is correct.
upvoted 1 times
SuradjBajaj
1 year, 9 months ago
Correct! Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.
upvoted 1 times
ant_12
1 year, 10 months ago
Hybrid Azure AD join: Allows computer accounts in the on-premises AD DS forest to register with Azure AD. Configuring this option allows you to use features including conditional access in Azure. (Thomas, Orin. Exam Ref AZ-800 Administering Windows Server Hybrid Core Infrastructure (3570357) (p. 63). Pearson Education. Kindle Edition.)
upvoted 4 times
Lu5ck
1 year, 11 months ago
Selected Answer: C
The concept of "writeback" is "Azure-to-onPremises".
Hybrid Azure join on the other hand is "onPremises-to-Azure".
"Conditional access" is an Azure feature, not available on premises. Thus, to access such a feature, it has to be "azure-to-onPremise" aka writeback.
upvoted 3 times
Lu5ck
1 year, 11 months ago
Reading it again, C says "<Clear> the Configure device writeback option" but we need to enable it. Therefore, A is the only sensible answer. Sorry about this.
upvoted 9 times
[Removed]
2 years ago
I think the correct answer is C.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-options
"Device writeback: Device writeback is used to enable Conditional Access based on devices to AD FS (2012 R2 or higher) protected devices"
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises
"The following prerequisites are required before you can begin with on-premises conditional access. To enable device write-back for on premises conditional access"
upvoted 4 times