Exam AZ-204 topic 2 question 57 discussion

Actual exam question from Microsoft's AZ-204
Question #: 57
Topic #: 2

You are developing an ASP.NET Core app hosted in Azure App Service.

The app requires custom claims to be returned from Microsoft Entra ID for user authorization. The claims must be removed when the app registration is removed.

You need to include the custom claims in the user access token.

What should you do?

  • A. Require the https://graph.microsoft.com/.default scope during authentication.
  • B. Configure the app to use the OAuth 2.0 authorization code flow.
  • C. Implement custom middleware to retrieve role information from Azure AD.
  • D. Add the groups to the groupMembershipClaims attribute in the app manifest.
  • E. Add the roles to the appRoles attribute in the app manifest.
Suggested Answer: E

Comments

kygukyzo
4 months, 4 weeks ago
Selected Answer: E
Correct
upvoted 1 times
...
FeriAZ
1 year, 2 months ago
Selected Answer: E
Azure Active Directory (Azure AD) supports adding custom roles to an application's manifest, which can then be assigned to users or groups. When a user is authenticated, these roles are included in the token as claims. This approach allows for fine-grained access control within your application based on these role assignments. Moreover, when the application registration is deleted, these roles and corresponding claims automatically cease to exist, fulfilling the requirement that the claims must be removed when the app registration is removed.
upvoted 4 times
...
AzDeveloper
1 year, 3 months ago
Selected Answer: E
E not D because of this condition "The claims must be removed when the app registration is removed."
upvoted 3 times
...
AzDeveloper
1 year, 3 months ago
E not D because of this condition "The claims must be removed when the app registration is removed."
upvoted 1 times
...
manopeydakon
1 year, 3 months ago
To include custom claims in the user access token from Microsoft Identity for user authorization, you should: E. Add the roles to the appRoles attribute in the app manifest. Explanation: In the Azure AD app manifest, you can define custom roles using the appRoles attribute. These roles can then be assigned to users, and the associated claims will be included in the user's token. Ensure that the appRoles attribute in the app manifest includes the necessary roles with associated claims, and assign these roles to users accordingly. This approach allows you to customize the claims included in the user's access token when they authenticate with Microsoft Identity.
upvoted 1 times
...
Swekker
1 year, 3 months ago
Selected Answer: E
AppRoles is the way to go. https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps#app-roles-vs-groups
upvoted 3 times
1CY1
10 months, 1 week ago
Setting the Microsoft Entra app manifest appRoles attribute. https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#approles-attribute
upvoted 1 times
...
...
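
How the app side of answer E can look, as an added example that is not part of the original thread: an `appRoles` entry (shown in the comment) surfaces in the token as a `roles` claim, which ASP.NET Core can enforce after validating the token. The role value `Orders.Approve`, the endpoint, the placeholder GUID and the `<tenant-id>` / `<api-client-id>` values are hypothetical, and v2.0 access tokens are assumed.

```csharp
// Added example, not code from the page. Assumes the
// Microsoft.AspNetCore.Authentication.JwtBearer package and v2.0 access tokens.
//
// Constructed appRoles entry in the app manifest (placeholder id):
//   "appRoles": [{
//     "allowedMemberTypes": ["User"],
//     "description": "Can approve orders",
//     "displayName": "Order Approver",
//     "id": "00000000-0000-0000-0000-000000000001",
//     "isEnabled": true,
//     "value": "Orders.Approve"
//   }]
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signature, issuer and audience are validated before any claim is trusted.
        options.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0";
        options.Audience = "<api-client-id>";
        // Keep the claim name exactly as issued ("roles"), then use it for role checks.
        options.MapInboundClaims = false;
        options.TokenValidationParameters.RoleClaimType = "roles";
    });

builder.Services.AddAuthorization(options =>
{
    // Only tokens carrying the app role assigned in Entra ID pass this policy.
    options.AddPolicy("CanApproveOrders", p => p.RequireRole("Orders.Approve"));
    // Deny by default: endpoints without a policy still require a valid token.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapPost("/orders/{id}/approve",
        (int id) => Results.Ok(new { id, status = "approved" }))
   .RequireAuthorization("CanApproveOrders");

app.Run();
```

Because the role is defined on the app registration itself, deleting the registration removes the role definition and its assignments, so no later token can satisfy the policy.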