Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Contoso will migrate all workloads to Azure within six months and wants to decommission its on-premises Active Directory Domain Services (AD DS) as soon as possible. Identity requirements are:
Provide single sign-on for new Azure-hosted applications that use SAML or OpenID Connect.
Keep several legacy line-of-business VMs that authenticate by using LDAP and NTLM.
Let external partners who already use Microsoft Entra ID access selected resources with minimal overhead.
Minimize ongoing infrastructure administration.
Which solution should you recommend?
Deploy domain controllers on Azure IaaS VMs, configure Active Directory Federation Services for single sign-on, and invite partners through AD FS claims.
Create an Azure AD B2C tenant, migrate internal identities into it, and federate partner tenants through custom identity providers.
Keep the on-premises AD DS environment, synchronize it to Azure AD with password hash sync, and use Conditional Access policies for partner users.
Create a cloud-only Microsoft Entra ID tenant, enable Azure AD Domain Services for the virtual network, and use Azure AD B2B guest collaboration for partner access.
A cloud-only Microsoft Entra ID tenant natively supports modern SAML and OpenID Connect single sign-on, so no on-premises identity infrastructure is required. Enabling Microsoft Entra Domain Services (formerly Azure AD Domain Services) stands up a managed domain that exposes LDAP, Kerberos, and NTLM, allowing the legacy VMs to authenticate without deploying or managing domain controllers. Azure AD B2B guest collaboration lets partner users sign in with their existing Entra ID credentials, meeting the requirement for low-overhead external access. Deploying IaaS-based domain controllers or AD FS keeps server administration responsibilities, conflicting with the goal of retiring infrastructure, and Azure AD B2C targets consumer scenarios, not internal or partner access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Entra ID and how does it handle single sign-on with SAML and OpenID Connect?
Open an interactive chat with Bash
How does Microsoft Entra Domain Services enable LDAP, Kerberos, and NTLM authentication for legacy applications?
Open an interactive chat with Bash
What is Azure AD B2B guest collaboration and how does it support external users accessing resources?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .