Microsoft Azure Architect Design (AZ-301) Practice Exam

Which solution should you recommend for allowing cloud-based services to authenticate users securely without hybrid network connectivity?

• A. Azure AD Domain Services
• B. On-premises domain controllers in Azure
• C. A new Active Directory forest in Azure
• D. Azure AD Connect with federation

The correct answer is: Azure AD Domain Services

Recommending Azure AD Domain Services as the solution for allowing cloud-based services to authenticate users securely without requiring hybrid network connectivity is a sound choice. Azure AD Domain Services provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication that are fully integrated with Azure Active Directory (Azure AD). This approach eliminates the need for on-premises infrastructure, as Azure AD Domain Services runs within the Azure environment and does not depend on hybrid connectivity to on-premises domain controllers. It allows applications and services hosted in Azure to authenticate users using the Azure AD credentials, providing a simplified and secure solution when needing to maintain domain capabilities in a cloud-only deployment. Additionally, this choice allows organizations to leverage their existing Azure AD identities while ensuring that users can access resources in Azure without needing a network connection back to an on-premises environment. This is particularly beneficial for organizations aiming to reduce complexity and increase responsiveness in their cloud solutions. In contrast, using on-premises domain controllers in Azure may require additional management and maintenance, and typically necessitates hybrid connectivity for authentication. Establishing a new Active Directory forest in Azure creates additional overhead and complexity that isn't necessary for users who are already using Azure AD. Azure AD