ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 17 discussion

Actual exam question from Microsoft's AZ-304
Question #: 17
Topic #: 2
[All AZ-304 Questions]

HOTSPOT -
You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: An Azure AD app registration
Azure active directory (AD) provides cloud based directory and identity management services.You can use azure AD to manage users of your application and authenticate access to your applications using azure active directory.
You register your application with Azure active directory tenant.
Box 2: A conditional access policy
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.
By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.

Reference:
https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/ https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
by mmmore at Dec. 3, 2020, 7:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mmmore
Highly Voted 4 years, 6 months ago
Seems correct.
upvoted 38 times
...
glam
Highly Voted 4 years, 4 months ago
Box 1: An Azure AD app registration Box 2: A conditional access policy
upvoted 24 times
...
Snownoodles
Most Recent 2 years, 8 months ago
Azure joined devices can "SSO to both cloud and on-premises resources" https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join
upvoted 1 times
...
Pinkee888
3 years, 2 months ago
Presented answer is correct. Register the app uses key vault for authentication, no longer prompts for authentication and restrict access exclusive to company supplied computers through conditional access policy.
upvoted 1 times
AberdeenAngus
2 years, 11 months ago
"Register the app uses key vault for authentication, no longer prompts for authentication"?? Anyone know a doc which supports this?
upvoted 1 times
...
...
hertino
3 years, 2 months ago
In AZ-305 exam, 9 april 22
upvoted 7 times
...
teyol51117
3 years, 2 months ago
On exam 31.03.2022
upvoted 2 times
...
plmmsg
3 years, 3 months ago
App registration Conditional access policy
upvoted 1 times
...
syu31svc
3 years, 8 months ago
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication 1st drop down is app registration "access App1 only from company-owned computers" -> this would be conditional access
upvoted 4 times
examineezer
3 years, 6 months ago
It isnt an on-premises web application.
upvoted 1 times
...
...
red_vix
3 years, 10 months ago
very good
upvoted 1 times
...
lowczy
3 years, 11 months ago
This question appeared in real exam.
upvoted 5 times
...
ruckii
4 years ago
only from company own computers. if we go with app registration, will this be full filed?
upvoted 1 times
DragonsGav
3 years, 11 months ago
App Registration - Register the Application - Configure SSO Conditional Access will make sure only Domain joined computers are allowed.
upvoted 2 times
...
pentium75
3 years, 10 months ago
The app "will use Azure Active Directory (Azure AD) authentication" - and it will do that because you register it as an app in AAD and configure SSO. Once its registered in AAD, you can use Conditional Access policies to configure options for this specific app - and here you can specify that computers must be domain-joined.
upvoted 4 times
...
...
ReginaldoBarreto
4 years, 2 months ago
https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#:~:text=Create%20an%20application%20registration%201%20Create%20an%20application,the%20options%20and%20click%20on%20Add%20permissions.%20 "After consenting to use their Dataverse account with the ISV's application, end users can connect to Dataverse environment from external application. The consent form is not displayed again to other users after the first user who has already consented to use the ISV's app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV's app."
upvoted 1 times
...
Ganesh_k
4 years, 3 months ago
Ans should be Managed identity and Conditional access https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet
upvoted 2 times
j888
4 years, 3 months ago
I believed managed Identity is to give permission to the application itself to access other resources. Meanwhile, the Azure AD app registration is to allow the authenticated user on Azure AD to sign in to the registered application. So the answer itself is correct.
upvoted 8 times
...
...
Tidopuddy
4 years, 3 months ago
Box 1. App Proxy Box 2. Conditional access policy
upvoted 6 times
zipstore
4 years, 2 months ago
No on-premise AD involved, only Azure AD.
upvoted 1 times
...
DragonsGav
3 years, 11 months ago
Application proxy is only for apps which are on-prem and you want to publish them so users do not require VPN. Question is for a Web App configured in Azure, not an application hosted in a company DC.
upvoted 3 times
...
youlitai003
4 years, 2 months ago
"Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications." https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy App1 is an Az Web APP.
upvoted 2 times
...
...
[Removed]
4 years, 4 months ago
How app registration with ad will ensure user can connect without being prompted for authentication?
upvoted 4 times
mshad
3 years, 12 months ago
I also had the same question
upvoted 1 times
...
Said_kram
4 years, 1 month ago
we can set up authentication (SSO) in app registration
upvoted 1 times
...
pentium75
3 years, 10 months ago
The users are using Windows 10 on domain-joined computers, thus the users are already authenticated to Azure AD. When you configure the App for SSO with Azure AD, users are logged in automatically "without being prompted for authentication [another time]".
upvoted 3 times
...
...
milind8451
4 years, 5 months ago
Right ans.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel