Microsoft Azure Architect Design (AZ-301) Practice Exam 2025 - Free Azure Architect Practice Questions and Study Guide

Recommending Azure AD Domain Services as the solution for allowing cloud-based services to authenticate users securely without requiring hybrid network connectivity is a sound choice. Azure AD Domain Services provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication that are fully integrated with Azure Active Directory (Azure AD).

This approach eliminates the need for on-premises infrastructure, as Azure AD Domain Services runs within the Azure environment and does not depend on hybrid connectivity to on-premises domain controllers. It allows applications and services hosted in Azure to authenticate users using the Azure AD credentials, providing a simplified and secure solution when needing to maintain domain capabilities in a cloud-only deployment.

Additionally, this choice allows organizations to leverage their existing Azure AD identities while ensuring that users can access resources in Azure without needing a network connection back to an on-premises environment. This is particularly beneficial for organizations aiming to reduce complexity and increase responsiveness in their cloud solutions.

In contrast, using on-premises domain controllers in Azure may require additional management and maintenance, and typically necessitates hybrid connectivity for authentication. Establishing a new Active Directory forest in Azure creates additional overhead and complexity that isn't necessary for users who are already using Azure AD. Azure AD