HOTSPOT
You have an Exchange Server 2013 organization.
You plan to implement a hybrid deployment with Microsoft Office 365. Active Directory Federation
services (AD FS) will be used to provide Single Sign-On (SSO). Users will access the hybrid
deployment by using Microsoft Outlook 2013 and mobile devices.
A user named User1 changes the password for his on-promises Active Directory user account.
You need to identify whether User1 will be prompted for a password when accessing his mailbox
from various client types.
In the table below identify whether User1 will be prompted for a password when accessing his
mailbox from various clients.
NOTE: Make only one selection in each row.
Explanation:
The following describes user experiences with single sign-on from within the network:
* (1) Work computer on a corporate network: When users are at work and signed in to the corporate
network, single sign-on enables them to access the cloud service without signing in again.
If the user is connecting from outside your company’s network or accessing services from particular
devices or applications, such as in the following situations, you must deploy an STS proxy. If you plan
to use AD FS for your STS, see Checklist: Use AD FS to implement and manage single sign-on for
more information about how to set up an AD FS proxy.
* (2) Home or public computer: When the user is using a computer that is not joined to the
corporate domain, the user must sign in with their corporate credentials to access the cloud service.
* (3) Smart phone: On a smart phone, to access the cloud service such as Microsoft Exchange Online
using Microsoft Exchange ActiveSync, the user must sign in with their corporate credentials.
* Work computer, roaming: Users who are logged on to domain-joined computers with their
corporate credentials, but who are not connected to the corporate network (for example, a work
computer at home or at a hotel), can access the cloud service.
* Microsoft Outlook or other email clients: The user must sign in with their corporate credentials to
access their email if they are using Outlook or an email client that is not part of Office; for example,
an IMAP or POP client.
DirSync with Single Sign-On
https://msdn.microsoft.com/en-us/library/azure/dn441213.aspx