Exam AZ-304 topic 2 question 53 discussion

Actual exam question from Microsoft's AZ-304
Question #: 53
Topic #: 2

A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft 365 and an Azure subscription.
Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS), Azure AD Connect, and Microsoft Identity Manager (MIM).
Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and a Microsoft 365 tenant. Fabrikam has the same on-premises identity infrastructure components as Contoso.
A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource group in the Contoso subscription.
You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources.
What should you recommend?

  • A. Configure an AD FS relying party trust between the Fabrikam and Contoso AD FS infrastructure.
  • B. In the Azure AD tenant of Contoso, create cloud-only user accounts for the Fabrikam developers.
  • C. Configure an organization relationship between the Microsoft 365 tenants of Fabrikam and Contoso.
  • D. In the Azure AD tenant of Contoso, use MIM to create guest accounts for the Fabrikam developers.
Suggested Answer: D
Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
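
The B2B flow described above, sketched as an added example that is not part of the original question or its answer key: it invites the partner developers as guests through Microsoft Graph directly (not through MIM, which the suggested answer names) and grants Contributor only at resource-group scope. It assumes the Microsoft.Graph and Az PowerShell modules; the domain, e-mail addresses and resource group name are constructed placeholders.

```powershell
# Added example. All names below are constructed placeholders, not values from the page.
$ResourceGroup = 'rg-fabrikam-solution'      # hypothetical resource group in the Contoso subscription
$AllowedDomain = 'fabrikam.example'          # placeholder for the partner's mail domain
$Developers    = 1..10 | ForEach-Object { "dev$_@$AllowedDomain" }

Connect-MgGraph -Scopes 'User.Invite.All', 'User.Read.All' | Out-Null
Connect-AzAccount | Out-Null

foreach ($mail in $Developers) {
    # Refuse anything outside the partner domain so a typo cannot invite a third party.
    if (($mail -split '@')[-1] -ne $AllowedDomain) {
        Write-Warning "Skipping ${mail}: not in $AllowedDomain"
        continue
    }

    # Reuse an existing directory object instead of inviting the same address twice.
    $guest = Get-MgUser -Filter "mail eq '$mail'" | Select-Object -First 1
    if ($guest) {
        $guestId = $guest.Id
    } else {
        # The guest authenticates in the home tenant; no password is created in Contoso.
        $invite  = New-MgInvitation -InvitedUserEmailAddress $mail `
                       -InviteRedirectUrl 'https://portal.azure.com' `
                       -SendInvitationMessage:$true
        $guestId = $invite.InvitedUser.Id
    }

    # Least privilege: Contributor on the one resource group, not on the subscription.
    # A just-created guest can take a short while to replicate before assignment succeeds.
    $existing = Get-AzRoleAssignment -ObjectId $guestId `
                    -ResourceGroupName $ResourceGroup -RoleDefinitionName 'Contributor'
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $guestId -RoleDefinitionName 'Contributor' `
            -ResourceGroupName $ResourceGroup | Out-Null
    }
}

# Review step: list every external (guest) principal holding a role on the resource group.
# Guest sign-in names normally carry the '#EXT#' marker.
Get-AzRoleAssignment -ResourceGroupName $ResourceGroup |
    Where-Object { $_.SignInName -like '*#EXT#*' } |
    Select-Object SignInName, RoleDefinitionName, Scope
```

The final query is worth re-running periodically: guest accounts stay in the inviting tenant and keep their role assignments until someone removes them, even after the partner engagement ends.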

Comments

syu31svc
Highly Voted 3 years, 8 months ago
"Contoso has a partnership with a company named Fabrikam" so this would mean Azure AD B2B https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b Answer is D
upvoted 13 times
jr_luciano
Most Recent 3 years, 4 months ago
But if you create guest accounts, you are not meeting this requirement: "The solution must ensure that the Fabrikam developers use their existing credentials to access resources."
upvoted 1 times
jr_luciano
3 years, 4 months ago
Sorry, the given answer is correct!
upvoted 1 times
Uglydotcom
3 years, 4 months ago
Selected Answer: D
Only D is providing Guest access to Contoso. Guest access will allow them to use their creds.
upvoted 2 times
agente232
3 years, 5 months ago
Answer D does not fulfill the requirements, as it is creating guest accounts: "D. In the Azure AD tenant of Contoso, use MIM to create guest accounts for the Fabrikam developers."
upvoted 1 times
yyuryyucicuryyforme
3 years, 5 months ago
Actually answer D does certainly work for granting Fabrikam Azure AD tenant existing identities access to Contoso Azure subscription resources
upvoted 1 times
yyuryyucicuryyforme
3 years, 5 months ago
https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016-connector-graph
upvoted 1 times
ksml
3 years, 8 months ago
Why not B? I don't see any MIM reference on linked page: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
upvoted 1 times
examineezer
3 years, 5 months ago
Reference to MIM here https://docs.microsoft.com/en-us/azure/active-directory/external-identities/hybrid-cloud-to-on-premises
upvoted 2 times
examineezer
3 years, 5 months ago
Apologies - the link above seems to be specifically for accessing on-premise applications. You may be right, maybe it is B.
upvoted 1 times
examineezer
3 years, 5 months ago
Nope - B is wrong because: "A cloud-only user account is an account that was created in your Azure AD directory using either the Azure portal or Azure AD PowerShell cmdlets. These user accounts aren't synchronized from an on-premises directory." ...and... "The solution must ensure that the Fabrikam developers use their existing credentials to access resources."
upvoted 2 times
examineezer
3 years, 5 months ago
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds
upvoted 1 times
VincentZhang
3 years, 8 months ago
Answer is correct
upvoted 4 times