HOTSPOT - You need to configure app registration in Azure AD to meet the delegation requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
The answer is Correct!
1: Requirements for delegation clearly says "Prevent users to register applications"
2: User1 would need App Developer to register an app in tenant using "principle of least privilege"
The answer is correct.
Application Developer
Users in this role can create application registrations when the "Users can register applications" setting is set to No. This role also grants permission to consent on one's own behalf when the "Users can consent to apps accessing company data on their behalf" setting is set to No. Users assigned to this role are added as owners when creating new application registrations.
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#application-developer
Why would the first answer of "Allow users to register application" be correct when it is clearly stated "Prevent nonprivileged users from registering applications in the litware.com Azure AD tenant." ?
The Application Developer role is correct for the second choice though.
Given answer is correct.
For both questions, see the URL provided in the answer section of the question:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles#restrict-who-can-create-applications
and extracts from the URL:
#1 "On the User settings page for your organization, set the Users can register applications setting to No. This will disable the default ability for users to create application registrations."
#2 "By default in Azure AD, all users can register applications and manage all aspects of applications they create. Everyone also has the ability to consent to apps accessing company data on their behalf. You can choose to selectively grant those permissions by setting the global switches to 'No' and adding the selected users to the Application Developer role."
These meet question answers
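The two documented steps quoted above (turn off default app registration, then grant the ability to one user through a directory role), as an added Microsoft Graph PowerShell example; it is not from the thread or from Microsoft's page. The UPN `user1@litware.com` is an assumption, and the role is a parameter because the thread disagrees on which role fits.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK and an admin sign-in.
param(
    [string]$UserPrincipalName = 'user1@litware.com',      # assumed UPN for User1
    [string]$RoleDisplayName   = 'Application Developer'   # or another role discussed in the thread
)

Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization',
                        'RoleManagement.ReadWrite.Directory',
                        'User.Read.All'

# Step 1: "Users can register applications" = No.
# The portal switch maps to defaultUserRolePermissions.allowedToCreateApps.
$policy = Get-MgPolicyAuthorizationPolicy
if ($policy.DefaultUserRolePermissions.AllowedToCreateApps) {
    Update-MgPolicyAuthorizationPolicy -BodyParameter @{
        defaultUserRolePermissions = @{ allowedToCreateApps = $false }
    }
}

# Step 2: assign the chosen role to the one user, tenant-wide ('/').
$user = Get-MgUser -UserId $UserPrincipalName
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$RoleDisplayName'"
if (-not $role) { throw "Role '$RoleDisplayName' not found in this tenant." }

# Skip the assignment if the user already holds this role at tenant scope.
$held = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" |
        Where-Object { $_.RoleDefinitionId -eq $role.Id -and $_.DirectoryScopeId -eq '/' }
if (-not $held) {
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
        -RoleDefinitionId $role.Id -DirectoryScopeId '/' | Out-Null
}

# Verify: the switch should read False, and the user's roles should be
# limited to what the delegation requirement calls for.
[pscustomobject]@{
    AllowedToCreateApps = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.AllowedToCreateApps
    RolesHeldByUser     = (Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" |
                           ForEach-Object {
                               (Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId).DisplayName
                           }) -join ', '
}
```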
Second answer is not correct.
Here the case study delegation requirement:
"Ensure that User1 can create enterprise applications in Azure AD"
Now search for "create enterprise application" here: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task
It is the Cloud Application Administrator.
Application Developer can "Create application registration when ability is disabled for all users", indeed, but no mention on Enterprise Apps description.
Well, you can start arguing here that he has the microsoft.directory/servicePrincipals/createAsOwner permission, and I'd reply "where is the requirement for User1 to be automatically assigned owner?" And what is the practical use of the whole dumb MSFT question? Such questions are a pure chicanery.
If you follow the instructions below, the prerequisites are on ALL steps to be Application Administrator.
https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy-add-on-premises-application#prerequisites
I'm changing my answer. Given answer is correct.
#1: Users Can Register Apps
You would configure this to "NO"
That solves this sentence:
Prevent nonprivileged users from registering applications in the litware.com Azure AD tenant.
#2: Application Developer
"Assign the Application Developer role to grant the ability to create application registrations when the Users can register applications setting is set to No."
https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles#grant-individual-permissions-to-create-and-consent-to-applications-when-the-default-ability-is-disabled
I don't know anymore. Cloud App Admin and App Admin all talk about the ability to register ENTERPRISE apps, which is part of the question. Application Developers apparently don't have that ability.
https://learn.microsoft.com/en-us/answers/questions/270680/app-registration-vs-enterprise-applications
Maybe it is Cloud App Admin after all...
For the role to assign to User1:
I'm still not sure about this. The question says:
- Litware.com contains a user named User1 who oversees all application development.
Litware implements Azure AD Application Proxy.
- Ensure that User1 can create enterprise applications in Azure AD.
With enterprise apps, it has to be at least Cloud application administrator. But, if you have to also set up application proxy, then it should be Application administrator.
I'll go with Cloud application admin, but I'm not 100% sure about it.
1: Allow users to register application
2: Application administrator. Requirement: Ensure that User1 can create "enterprise applications" in Azure AD. To add an enterprise application to your Azure AD tenant, you need one of the following roles: Global Administrator, or Application Administrator.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal
Weird. In the text they are talking about enterprise app. There you would need cloud application admin. In the question they are asking for app registration. There App Developer would be enough.
For second one, it clearly states: Ensure that User1 can create enterprise applications in Azure AD, not register application. Two different things. The key word is Create Enterprise Applications. You need Cloud Application Administrator
1. A
2. C
From Microsoft link:
https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles
Assign the Application Developer role to grant the ability to create application registrations when the Users can register applications setting is set to No. This role also grants permission to consent on one's own behalf when the Users can consent to apps accessing company data on their behalf setting is set to No.
Note that in the delegation requirements it had been clearly mentioned that User1 had to be able to create enterprise applications, which can be done by CAA via least privilege. App Developer doesn't have the ability to create enterprise apps. Hope this clears.
It 100% should be Cloud App Admin according to the least privileged roles documentation for "Create Enterprise Application" action: https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#groups
Not only does your link say Application Developer is the least privilege role for this (https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#application-proxy), but also you should know that Cloud Application *Administrator* is equal to Application Administrator except for App Proxy, both of which are much more privileged than Application Developer
There is a difference between application and creating an enterprise application. Application developer role cannot add an enterprise application in Azure AD
"To add an enterprise application to your Azure AD tenant, you need:
An Azure AD user account. If you don't already have one, you can Create an account for free.
One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator."
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal
Typo: There is a difference between application registration and creating an enterprise application. Application developer role cannot add an enterprise application in Azure AD
I tested this and also found this,
- One of the following roles: Global Administrator, Cloud Application Administrator, or Application Administrator.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal#add-an-enterprise-application
1 - Allow Users to register applications
2 - Cloud Application Administrator (You cannot register Enterprise Apps with APPLICATION DEVELOPER and Application Administrator gives you Application proxy access)
Correct. I am going with:
1. Allow users to register application
2. Cloud Administrator
(https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#enterprise-applications)
Application Developer CANNOT create enterprise application. Requirements say Ensure that user1 can create enterprise applications in Azure AD
I don't think 1 answer is correct.
What does "Allow users to register app" mean? To allow it you should go:
Azure AD --> User settings --> App registrations --> Users can register applications --> Yes
Is it a requirement? No.