You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect. You create a new Azure subscription. You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription. You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts. What should you do fist?
A. Configure the Azure AD tenant used by the new subscription to use pass-through authentication.
B. Configure the Azure AD tenant used by the new subscription to use federated authentication.
C. Change the Azure AD tenant used by the new subscription.
D. Configure a second instance of Azure AD Connect.