Free Preparation Discussions
MENU
Microsoft Exam AZ-104 Topic 4 Question 33 Discussion
Topic #: 4
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?
Azure AD Connect lists the UPN suffixes that are defined for the domains and tries to match them with a
custom domain in Azure AD. Then it helps you with the appropriate action that needs to be taken. The Azure
AD sign-in page lists the UPN suffixes that are defined for on-premises Active Directory and displays the
corresponding status against each suffix. The status values can be one of the following:
State: Verified
Azure AD Connect found a matching verified domain in Azure AD. All users for this domain can sign in by
using their on-premises credentials.
State: Not verified
Azure AD Connect found a matching custom domain in Azure AD, but it isn't verified. The UPN suffix of the
users of this domain will be changed to the default .onmicrosoft.com suffix after synchronization if the
domain isn't verified.
Action Required: Verify the custom domain in Azure AD.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin
Currently there are no comments in this discussion, be the first to comment!