Review Question 1
Scenario: Users want to sign in from anywhere using a work/school account, devices must be secure and manageable.
Answer: ✅ Join the device to Azure AD
Explanation: Joining a device to Azure AD allows full management, compliance policies, and the ability to enable/disable the device. Registering or connecting provides more limited management.

Review Question 2
Scenario: AD DS domain, Azure AD domain, Azure AD Connect with AD FS, password writeback enabled. Need to monitor sync events.
Answer: ✅ Install Azure AD Connect Health
Explanation: Azure AD Connect Health provides monitoring for synchronization, alerts, and performance metrics.

Review Question 3
Scenario: Differences between Azure AD and AD DS.
Answers: ✅

• Azure AD uses HTTP and HTTPS communications

• There are no Organizational Units (OUs) or Group Policy Objects (GPOs) in Azure AD

• Azure AD includes Federation Services

Explanation: AD DS uses LDAP/Kerberos and supports OUs/GPOs. Azure AD is cloud-based, uses web protocols, and has built-in federation features.

Review Question 4
Scenario: Adding a user with a Microsoft account to your subscription.
Answer: ✅ Guest User
Explanation: A Microsoft account (personal account) added to an Azure AD tenant is treated as a guest user.

Review Question 5
Scenario: Configuring Self-Service Password Reset (SSPR). Identify what is not a validation method.
Answer: ✅ A paging service
Explanation: SSPR uses email, SMS/phone, or security questions. Paging is not supported.

Review Question 6
Scenario: Assigning Azure AD roles for managing groups and assigning admin roles.
Answer: ✅ Global administrator
Explanation: The Global Administrator has full privileges, including managing all groups and assigning admin roles. Other roles have limited scopes.