ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 37 discussion

Actual exam question from Microsoft's AZ-304
Question #: 37
Topic #: 2
[All AZ-304 Questions]

You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.
You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1. The solution must ensure that the users use Azure Multi-
Factor Authentication (MFA) when they connect to App1.
Which two types of objects should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Azure AD conditional access policies
  • B. Azure AD managed identities
  • C. an Identity Experience Framework policy
  • D. an Azure application security group
  • E. an Endpoint Manager app protection policy
  • F. Azure AD guest accounts
Show Suggested Answer Hide Answer
Suggested Answer: AF 🗳️
by Ganesh_k at March 11, 2021, 2:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sallymaher
Highly Voted 4 years, 3 months ago
Correct answer is A and F , Managed identity for resources , you need to allow other users from other tenant to use your resources and apply conditional access , so you will use guest account ( B2b ) and conditional access
upvoted 87 times
stephw
4 years, 1 month ago
Indeed. In Conditional Access the App will be represented as a service principal ... not as a managed identity ;) => agreed: A/F
upvoted 6 times
...
...
glam
Highly Voted 4 years, 3 months ago
A. Azure AD conditional access policies F. Azure AD guest accounts
upvoted 28 times
...
totalz
Most Recent 2 years, 3 months ago
Even though F is correct, but have u seen what have to be done to make this a valid answer?
upvoted 1 times
...
Jackdisuin
2 years, 5 months ago
correct
upvoted 1 times
...
Snownoodles
2 years, 8 months ago
Selected Answer: AF
The answers given are correct. This question didn't mention "multi-tenant application", only mentioned users from "multi-tenant". IF the application is "multi-tenant", you won't need guest users. But the application in this question is single-tenant.
upvoted 1 times
...
learner06
3 years ago
Selected Answer: AF
A and F are correct
upvoted 1 times
...
AlfL
3 years, 3 months ago
Selected Answer: AF
i choose A F
upvoted 1 times
...
certhawk
3 years, 3 months ago
Correct answer is A & B. The key to the question is "Multiple Azure AD tenants", if all tenants are azure ad, then there's no need to create guest accounts. If tenants were not Azure AD, then guest account would have been possible. Details on how to configure for multiple azure tenants here: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
upvoted 1 times
exnaniantwort
3 years, 3 months ago
WRONG With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization. Guest users sign in to your apps and services with their own work, school, or social identities. *****The partner uses their own identities and credentials, whether or not they have an Azure AD account.****** You don't need to manage external accounts or passwords. You don't need to sync accounts or manage account lifecycles. https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b F is correct. B is definitely wrong by the way.
upvoted 1 times
...
itenginerd
3 years, 3 months ago
These statements are wholly incorrect: "if all tenants are azure ad, then there's no need to create guest accounts. If tenants were not Azure AD, then guest account would have been possible. " The definition of a guest user is someone who has an account in another Azure AD tenant. There is no concept of a guest user who ISN'T part of another Azure AD tenant. I have access to about 75 customer Azure tenants at the moment, I live and die on guest user access every day.
upvoted 1 times
AberdeenAngus
3 years, 1 month ago
Don't think so... where I work there are hundreds of guest user accounts including my own gmail account, I very much doubt if the rest are all in other Azure AD tenants. I also don't see this as a requirement in https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
upvoted 2 times
JayBee65
3 years ago
With B2B collaboration, you can securely share your company's applications and services with external users, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. So guests can be either users from other AAD or other identities
upvoted 1 times
...
...
...
...
us3r
3 years, 5 months ago
Selected Answer: AF
agree AF
upvoted 1 times
...
Estudante_BH
3 years, 5 months ago
ill go witch A + F it is correct
upvoted 1 times
...
Eitant
3 years, 6 months ago
Selected Answer: AF
Correct answer
upvoted 3 times
...
waqas
3 years, 8 months ago
A & B is the answer
upvoted 3 times
TheAzureArchitect
3 years, 7 months ago
No. By a process of elimination we can say only A&F are correct. We must have guest accounts (or B2C etc) for a multi-tenant app, and must have MFA. These facts rule out the other choices.
upvoted 2 times
...
...
syu31svc
3 years, 9 months ago
"ensure that the users use Azure Multi-Factor Authentication (MFA)" -> This supports A as one of the answers for sure "multiple Azure AD tenants" -> This would support F as the answer Managed identities are for resources and services, not for users hence B is wrong CDE are definitely wrong A and F it is
upvoted 3 times
...
nkv
3 years, 9 months ago
Came in exam on 20-sep-21, i passed, answers are correct
upvoted 3 times
...
teehex
3 years, 10 months ago
A + F are needed. Everything is here https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-tutorial-require-mfa
upvoted 3 times
...
DragonsGav
4 years ago
Answers should be A and C https://docs.microsoft.com/en-us/azure/active-directory-b2c/solution-articles
upvoted 2 times
tita_tovenaar
3 years, 11 months ago
I can't see anything at all in your ref. that would support alternative C.
upvoted 3 times
...
...
QiangQiang
4 years, 1 month ago
AB, register the app allowing multi-tenant access enable conditional access
upvoted 8 times
tita_tovenaar
3 years, 11 months ago
B - managed identities ... that's for services and resources mainly and won't make any bridge between your Ad and the other tenants.
upvoted 4 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel