Exam AZ-304 topic 2 question 40 discussion

Actual exam question from Microsoft's AZ-304
Question #: 40
Topic #: 2

Your company has the divisions shown in the following table.

Sub1 contains an Azure web app that runs an ASP.NET application named App1. App1 uses the Microsoft identity platform (v2.0) to handle user authentication.
Users from east.contoso.com can authenticate to App1.
You need to recommend a solution to allow users from west.contoso.com to authenticate to App1.
What should you recommend for the west.contoso.com Azure AD tenant?

  • A. a conditional access policy
  • B. pass-through authentication
  • C. guest accounts
  • D. an app registration
Suggested Answer: C

Comments

jallaix
Highly Voted 4 years, 2 months ago
Login through app registration with multi-tenant enabled: AADSTS50020: User account '[email protected]' from identity provider 'tenant2.com' does not exist in tenant 'tenant1' and cannot access the application 'xxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. It works after inviting the user as a guest, thus answer is C.
upvoted 59 times
gssd4scoder
4 years, 1 month ago
Agree with you.
upvoted 1 times
...
subbu3071988
3 years, 8 months ago
Ok let's consider it should be a combination of both guest user account(s) and then app registered for the tenant user(s). However, just by allowing access as a guest account user(s), will not solve the authentication concern. App registration for that tenant is a must and outweighs the basic guest account access. With Option C, you can complete the solution with option D. But most importantly, Option C alone cannot be a recommended independent solution. So I would go for Option D.
upvoted 7 times
rdemontis
3 years, 7 months ago
You don't need to register the app on tenant2 when using guest accounts. Guest users should be defined in tenant1 so you can access the tenant1 resources using your tenant2 account credentials.
upvoted 2 times
yyuryyucicuryyforme
3 years, 5 months ago
My thoughts are that we have two possible solution recommendations: 1) use guest accounts 2) convert single tenant app to multi tenant. However option 2) is not the simplest and may ideally require application changes to handle admin consent process - and also there is no need for creating an app registration in the added tenant so would seem to rule out D). Option 1) is simplest and we are talking about a single organization albeit two divisions - there may never be more than one extra tenant and multitenant conversion would be overkill, so my answer would be C). A) or B) do not contribute to solving the main requirement.
upvoted 1 times
...
...
...
...
Lb83
Highly Voted 4 years, 2 months ago
An account with the right privileges to the west tenant has to register the app so that the app can be associated with their directory. This implies that the app is configured for multi tenancy. If the question asked "what could be done in East?" Guest accounts would be viable.
upvoted 23 times
soucine
3 years, 3 months ago
I don't think registering the app would be enough, since the ASP.NET code needs to validate the issued AD token using the tenant id and the client id (information you get when you register the app). => Answer: C
upvoted 1 times
...
...
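The tenant id and client id checks mentioned in the comment above, as an added example that is not part of the original thread or of App1's code. It assumes the token signature and lifetime were already verified, uses placeholder tenant and client ids, and relies on the v2.0 `aud`, `tid`, `iss` and `idp` claims; the `idp` value shown for the guest is constructed.

```python
# Added example. All identifiers below are constructed placeholders, not values from the page.
EAST_TENANT = "11111111-1111-1111-1111-111111111111"  # App1's home tenant (assumed)
WEST_TENANT = "22222222-2222-2222-2222-222222222222"  # west.contoso.com tenant (assumed)
APP1_CLIENT_ID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"  # App1's registration in East (assumed)


def v2_issuer(tenant_id):
    """Issuer string the v2.0 endpoint puts in `iss` for a given tenant."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def validate_single_tenant(claims, tenant_id=EAST_TENANT, client_id=APP1_CLIENT_ID):
    """Return (ok, reason). Assumes signature and lifetime were already verified."""
    if claims.get("aud") != client_id:
        return False, "audience is not this app registration"
    if claims.get("tid") != tenant_id:
        return False, "token was issued for a different tenant"
    if claims.get("iss") != v2_issuer(tenant_id):
        return False, "issuer does not match the home tenant"
    return True, "accepted"


def is_guest(claims):
    """Guest: `idp` is present and names a provider other than the issuer."""
    idp = claims.get("idp")
    return idp is not None and idp != claims.get("iss")


# Constructed claim sets (decoded payloads, not real tokens).
EAST_MEMBER = {"aud": APP1_CLIENT_ID, "tid": EAST_TENANT, "iss": v2_issuer(EAST_TENANT)}
# West user invited into East as a guest: East still issues the token.
WEST_GUEST = dict(EAST_MEMBER, idp=v2_issuer(WEST_TENANT))
# West user signing in against the West tenant (multi-tenant style sign-in).
WEST_DIRECT = {"aud": APP1_CLIENT_ID, "tid": WEST_TENANT, "iss": v2_issuer(WEST_TENANT)}

if __name__ == "__main__":
    for name, claims in [("east member", EAST_MEMBER), ("west guest", WEST_GUEST),
                         ("west direct", WEST_DIRECT)]:
        print(name, validate_single_tenant(claims), "guest" if is_guest(claims) else "member")
```

A guest's token passes unchanged single-tenant validation because the home tenant issues it; a token issued by the other tenant only passes if the app is made multi-tenant and its issuer check is widened.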
GarryK
Most Recent 2 years, 8 months ago
Selected Answer: C
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant App registration is already done in the home tenant East. You don't need another app registration in the tenant West even if you picked multi-tenant. https://learn.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps It's even recommended here to use guest accounts: "Accounts in this directory only. Single tenant. All user and guest accounts in your directory can use your application or API. Use this option if your target audience is internal to your organization."
upvoted 1 times
MARKMKENYA
2 years, 4 months ago
It's the same organization and the app access is not temporary. I think the correct answer is app registration and selecting multi tenant. Guest users are users in another organization - not for users in your organization but in a different office using a different child domain.
upvoted 1 times
...
...
AubinBakana
2 years, 10 months ago
Selected Answer: D
Both Apps are of the same company. Those who are thinking of Guest account are not thinking hard enough. When setting App Registration you get to specify if this app will be available to other apps in the account.
upvoted 2 times
...
AberdeenAngus
3 years ago
I'm going A, Conditional Access Policy. I really don't think guest accounts are needed. The new tenant does need a conditional access policy to control logins to the app. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
upvoted 1 times
...
Teringzooi
3 years, 1 month ago
Today in AZ-305 exam. None of these answers came in the exam. I chose Governance Identity.
upvoted 5 times
...
Zsolt72
3 years, 2 months ago
Selected Answer: C
It says: App1 uses the Microsoft identity platform (v2.0) to handle user authentication. This means that you already had an app registration! For the other tenant users the guest account setup is needed.
upvoted 5 times
...
cloudera
3 years, 2 months ago
Selected Answer: C
Which comes first, chicken or eggs? LOL. Very debatable question. Apps need to be registered first on AAD and then invite guest users from west.tenant.name, then the users accept the terms and conditions etc. and voilà... (you know the rest :)) I would pick C. Guest Account as the answer.
upvoted 2 times
...
itenginerd
3 years, 3 months ago
On my exam today.
upvoted 1 times
...
Dawn7
3 years, 3 months ago
Selected Answer: C
I would go with C
upvoted 1 times
...
jaydee7
3 years, 3 months ago
keep going, as of today C leads with 3 votes while D has 2 votes.
upvoted 1 times
...
Jcbrow27
3 years, 3 months ago
Selected Answer: C
Guest is correct
upvoted 1 times
...
Devangkumar
3 years, 3 months ago
Selected Answer: D
D seems correct answer! Single-tenant apps are only available in the tenant they were registered in, also known as their home tenant. Multi-tenant apps are available to users in both their home tenant and other tenants. Source: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
upvoted 3 times
...
plmmsg
3 years, 3 months ago
Selected Answer: C
Guest account
upvoted 1 times
...
us3r
3 years, 5 months ago
Selected Answer: C
Question is for west AAD tenant, answer is GUEST ACCOUNTS
upvoted 1 times
...
sprabhuraj
3 years, 5 months ago
Selected Answer: C
Check the discussion
upvoted 1 times
...
Dpejic
3 years, 6 months ago
On exam 24.12.2021
upvoted 3 times
...