Your company purchases an app named App1. You need to recommend a solution to ensure that App1 can read and modify access reviews. What should you recommend?
A.
From API Management services, publish the API of App1, and then delegate permissions to the Microsoft Graph API.
B.
From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions.
C.
From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API.
D.
From API Management services, publish the API of App1. From the Access control (IAM) blade, delegate permissions.
IAM options on resource allows to assign entity's permissions on that resource. In this questions we are ask to delegate permissions to read write access reviews from that app. It will need GraphAPI to query these settings.
'C' for sure. From Microsoft doc https://devblogs.microsoft.com/microsoft365dev/retrieving-azure-ad-access-reviews/#:~:text=Click%20on%20%E2%80%9CSelect%20an%20API%E2%80%9D%2C%20click%20on%20%E2%80%9CMicrosoft,and%20Manage%20all%20programs%20that%20user%20can%20access.
“Register an Azure AD application which has permissions to call the access reviews API in Graph”.
After Registering AppX from Azure AD Admin Center
Portal -> AD -> AppX -> API Permissions -> Microsoft Graph
--> Application Permisions
---> Access Review
-----> AccessReview.Read.All
-----> AccessReview.ReadWrite.All
-----> AccessReview.ReadWrite.Membership
I don't disagree with you, but the explanation circling one and then talking about Graph makes B a suspect answer. Besides, you can't assign rights to Graph (or anything relevant to access reviews) thru IAM as far as I know.
answer should be B becuase when you register an application in AD then authorization in this case should also be thru AD. C can not be the answer because it says 1st register app in AD , then for auth. how can it ship it over to Graph. its my understanding
MS Graph exposes granular permissions to app to access other resources including MS and non-microsoft service. Think of Graph as a broker that sits between the various resource providers. You as a user can give apps (delegate) access to resources bounded by your own privileges. An admin can also give app permissions when user sign in is not supported in which application runs with the permissions assigned by the admin.
Graph enables your app access to all the MS security providers to programmatically access and build custom logic based on the MS provided solution.
This section is not available anymore. Please use the main Exam Page.AZ-304 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
rithvik
Highly Voted 4 years, 1 month agonicksb19
3 years, 10 months agod0bermannn
3 years, 9 months agoglam
Highly Voted 4 years, 1 month agoOne111
Most Recent 2 years, 8 months agoplmmsg
3 years, 1 month agoarun
3 years, 1 month agoAD3
3 years, 2 months agozeeek
3 years, 2 months agoreachmymind
3 years, 2 months agopetey212
3 years, 2 months agoitenginerd
3 years, 1 month agous3r
3 years, 3 months agomoon2351
3 years, 3 months agowardy1983
3 years, 3 months agoryuhei
3 years, 4 months agoEitant
3 years, 4 months agoritgllfjljaeargril
3 years, 4 months agoharkamal
3 years, 6 months agorsharma007
3 years, 6 months ago