ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 7 discussion

Actual exam question from Microsoft's AZ-304
Question #: 7
Topic #: 2
[All AZ-304 Questions]

DRAG DROP -
A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that uses the Basic license.
You plan to deploy two applications to Azure. The applications have the requirements shown in the following table.

Which authentication strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications.
Each authentication strategy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Azure AD V2.0 endpoint -
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all
Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
OAuth 2.0 and OpenID Connect standard-compliant authentication service that enables developers to authenticate any Microsoft identity, including:
Work or school accounts (provisioned through Azure AD)
Personal Microsoft accounts (such as Skype, Xbox, and Outlook.com)
Social or local accounts (via Azure AD B2C)

Box 2: Azure AD B2C tenant -
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview
by mmmore at Dec. 3, 2020, 7:28 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mmmore
Highly Voted 4 years, 5 months ago
I believe the answers are the other way around: Box 1: B2C Box 2: V2 endpoint
upvoted 163 times
Pinkee888
3 years, 1 month ago
Agree Customers - Business to Customers \ Reporting contoso credential and Microsoft account so should be v2.0
upvoted 2 times
...
sanketshah
4 years, 4 months ago
B2C V2 Endpoint
upvoted 4 times
...
Wis10
3 years, 11 months ago
Correct. B2C intended to customer-facing apps, V2 you can manage the accounts from Azure AD
upvoted 4 times
...
KhabibcandefeatGSP
3 years, 12 months ago
Both should be Azure AD v2.0 which is actually MS Identity platform v2.0. Azure AD 1.0 didn't support personal account logins but V2.0 does. Question says "Each authentication strategy may be more than once". So in my view "Azure AD v2.0" can be used for both. Evidence - Check out the diagram in this link - https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/about-microsoft-identity-platform#microsoft-identity-platform-experience
upvoted 3 times
pentium75
3 years, 9 months ago
They have Azure AD Basic (!) tenant. Basic doesn't support MFA (except for O365 apps). Customers are supposed to use MFA, thus they need B2C tenant for that. Azure AD 2.0 endpoint would work if they had P1 license.
upvoted 5 times
...
...
Load full discussion...
...
aspirin
Highly Voted 4 years ago
1/3 answers on examtopics.com have a false answer - this is one of the false. The learn effect sucks if people can only pay to correct the answers but no one change it in the frontend. When you don't know anything, why musst people pay for that?
upvoted 70 times
...
AubinBakana
Most Recent 2 years, 9 months ago
The confusion here stems from the face that first App is called Customer & the Other Reporting. If you read carefully you will understand that both apps are customer facing app. Customer App: AAD v2 Reporting App: B2C Tenant Answer is correct.
upvoted 3 times
...
vijeet
2 years, 11 months ago
Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose. It allows businesses to build customer facing applications, and then allow anyone to sign up into those applications with no restrictions on user account. Reporting: "Must be able to manage account from Azure AD" thus V2 is correct Customer: B2C supports MFA from personal account V1 is not recommended
upvoted 1 times
...
Kent_020
3 years, 1 month ago
The answer is correct. #1 Azure AD – identity as a service provider for organization users, providing and controlling access to cloud resources #2 Azure AD B2B – a feature in Azure AD which allows cross-organization collaboration through authentication #3 Azure AD B2C – an independent service for building consumer application identity repository
upvoted 1 times
...
cloudera
3 years, 1 month ago
B2C (for Customer access) and ADV2 for Reporting access.
upvoted 2 times
...
plmmsg
3 years, 2 months ago
Box 1: B2C Box 2: V2 endpoint
upvoted 1 times
...
arun
3 years, 2 months ago
https://docs.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow - for customer to access using personal account with MFA, so B2C https://joonasw.net/view/azure-ad-v2-and-msal-from-dev-pov - for Report users to access using either organization or personal account with MFA, so AAD V2 endpoint.
upvoted 1 times
...
zeeek
3 years, 2 months ago
box 1 B2C because the personal account only and no AD credentials Box 2 V2 endpoint, recommended for new projects
upvoted 2 times
...
smonkey
3 years, 4 months ago
MFA-b2c https://docs.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow
upvoted 1 times
17Master
3 years, 2 months ago
in your link it says: Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure AD Multi-Factor Authentication. then you need a P1 license. does not apply with the Azure request. Both must be Azure AD v2.0
upvoted 1 times
BayleafSoftware
1 year, 7 months ago
No you dont, with Basic you can still have MFA if you enable system defaults, which will apply MFA to ALL. you only need the P1 to be able to pick and chose who has MFA
upvoted 1 times
...
...
...
leo_az300
3 years, 7 months ago
Azure AD B2C and Azure AD 2.0 Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose. So it can NOT be used to Reporting Application which required for managing azzount from Azure AD. As ther Azure AD is using basic license which does NOT support MFA, only Azure AD B2C meets Customer application requirement.
upvoted 3 times
...
syu31svc
3 years, 7 months ago
Answers are reversed https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs https://docs.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure AD Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview OAuth 2.0 and OpenID Connect standard-compliant authentication service enabling developers to authenticate several identity types, including: Work or school accounts, provisioned through Azure AD Personal Microsoft account, like Skype, Xbox, and Outlook.com Social or local accounts, by using Azure AD B2C
upvoted 4 times
...
Dhelailla
3 years, 8 months ago
Given answer is correct. Customer = V2 endpoint (Only need a personal MS account) Reporting = B2C (Contoso or personal MS account) See also: https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview
upvoted 5 times
...
Venkatmr
3 years, 8 months ago
The answer provided here is correct https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview
upvoted 1 times
...
Kowser
3 years, 8 months ago
answer would be box 1 B2C AND Box 2 :- v2 enpoint https://docs.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow
upvoted 2 times
...
souvik123
3 years, 8 months ago
Box 1: B2C Box 2: V2 endpoint
upvoted 2 times
...
PerfumoPeru
3 years, 9 months ago
This is the right one...: Reporting App has azure AD Tenant, so it should be managed by an Azure AD V2 endpoint, because Azure AD B2C is flawed on Authorization, it doesn't have RBAC but it has policy claims which is not enough for Contoso. Customer, definitely is a Azure B2C management for sure.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago