Exam AZ-301 topic 2 question 10 discussion

Box1: see p.3 below. It refers to Azure AD, so the answer is Azure AD Box2: See p.5 and it talks about configuring policy in API Management, so the answer is API Management. Here is how you protect API with Azure AD 1) Register an application (backend-app) in Azure AD to represent the API. 2) Register another application (client-app) in Azure AD to represent a client application that needs to call the API. 3) In Azure AD, grant permissions to allow the client-app to call the backend-app. 4) Configure the Developer Console to call the API using OAuth 2.0 user authorization. 5) Add the validate-jwt policy to validate the OAuth token for every incoming request. ref: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

1) Azure AD 2) APIM Ref: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad https://docs.microsoft.com/en-us/azure/api-management/set-edit-policies

Today in AZ-305 exam. I chose APIM and APIM PAssed.

It is about  block unauthorized requests, not Block whole apps... given answers are correct.

Box1 :- Azure AD Box 2 :- Api Management

Premium P2 Privileged Identity Management for the Azure resources "Don't get confused with Just in time Access. Users will be marked eligible to get required access, Only when they need it. This will be done using Access Review, which is a PIM feature and available in P2.

Correct ans 1. Use CORS policy in API Management 2. Use JWT Policy for in-bound requests in API Management

1) Azure AD 2) Azure API Management correct answer

I have implemented it myself this requirement for several applications using Graph API. Now for Graph API Azure API mgmt is not required, as it is managed by Microsoft, only Azure AD is enough. In Azure AD you need to configure or define apps as a Service Application and select what access it has, and how it accesses the graph api (Oauth). Now because, here I am not dealing with Graph API but I have my own apps to be called by various apps. Hence, within Azure API management, I need to configure them to be called on OAUTH. Hence, answer is Azure AD and Azure API Mgmt. Below link explains the step, above is just an explanation why it needs to be done in desired fashion. https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

1- AD 2- Azure API

1- AD 2- Azure API There are two sources I found: as already mentioned "https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad" - and also: "Protecting an API with Azure API Management and OAuth 2.0" found in "Pfeiffer, Mike. Exam Ref AZ-300 Microsoft Azure Architect Technologies (p. 174). Pearson Education."

oz's response is accurate. answer is Azure AD and API management

1. Azure AD https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#grant-permissions-in-azure-ad 2. API Management https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#configure-a-jwt-validation-policy-to-pre-authorize-requests

1- AD 2- Azure API

This should be AAD & APIM

Answer is Box1 :- Azure AD & Box 2 :- Api Management

ans: 1) Azure AD 2) APIM Here is a quick overview of the steps: Register an application (backend-app) in Azure AD to represent the API. Register another application (client-app) in Azure AD to represent a client application that needs to call the API. In Azure AD, grant permissions to allow the client-app to call the backend-app. Configure the Developer Console to call the API using OAuth 2.0 user authorization. Add the validate-jwt policy to validate the OAuth token for every incoming request.