Exam SC-300 topic 3 question 11 discussion

Actual exam question from Microsoft's SC-300
Question #: 11
Topic #: 3

HOTSPOT -
Your company has a Microsoft 365 tenant.
All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant.
The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery.
You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices

Comments

NawafAli
Highly Voted 2 years, 3 months ago
Correct answer. Service1 supports OAuth for authentication and authorization; however, Service1 is published in the Azure AD gallery, hence we will use an enterprise application in the Azure AD blade to register for SSO. For the second point, we can use a Conditional Access policy to restrict.
upvoted 18 times
estyj
Highly Voted 1 year, 5 months ago
Correct: an enterprise app has an option for SSO; an app registration does not. Conditional Access policy: to ensure users access from Azure AD-joined computers.
upvoted 5 times
Obi_Wan_Jacoby
Most Recent 6 days, 14 hours ago
Given answers are correct.
upvoted 1 times
penatuna
6 months, 1 week ago
I would use Conditional Access -> Conditions -> Filter for devices -> Rule syntax: device.trustType -eq "AzureAD". When creating Conditional Access policies, administrators have asked for the ability to target or exclude specific devices in their environment. The condition filter for devices gives administrators this capability. Now you can target specific devices using supported operators and properties for device filters and the other available assignment conditions in your Conditional Access policies. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices
upvoted 1 times
EmnCours
8 months, 1 week ago
Correct Answer.
upvoted 1 times
dule27
10 months ago
Ensure that the users can connect to Service1 without a prompt for authentication: an enterprise application in Azure AD. Ensure that users can access Service1 only from Azure AD-joined computers: a Conditional Access policy.
upvoted 2 times
217f3c9
11 months, 4 weeks ago
I am confused about the Azure AD-joined devices. You can't use AD join as a requirement in Conditional Access.
upvoted 2 times
watapity
10 months, 2 weeks ago
You can; you add it as a device condition.
upvoted 1 times
sapien45
1 year, 9 months ago
With app registrations, the app is preconfigured to use OpenID Connect (OIDC) and OAuth, and it is not designed for SAML. As per the MS document, both OpenID Connect and SAML are used to authenticate a user and are used to enable single sign-on. SAML authentication is commonly used with identity providers such as Active Directory Federation Services (ADFS) federated to Azure AD and is therefore frequently used in enterprise applications. OpenID Connect is commonly used for apps that are purely in the cloud, such as mobile apps, web sites, and web APIs.
upvoted 1 times
jasonga
1 year, 10 months ago
As they say gallery app, it has to be an enterprise app, as the gallery is not available from the app registration blade. If doing a custom non-gallery app using OAuth, then you would use the app registration blade; it's the gallery app part that is the trick, as this is only in the enterprise app blade.
upvoted 3 times
Jun143
2 years, 1 month ago
Just passed the exam today. This question came up.
upvoted 2 times
zmlapq99
2 years, 2 months ago
On exam few days ago.
upvoted 2 times
Pravda
2 years, 2 months ago
On the exam 1/20/2022
upvoted 2 times
TP447
2 years, 3 months ago
I think this is correct: app registration is for first-party or internal apps that require more configuration, and enterprise apps are for third-party apps such as in this scenario.
upvoted 4 times
Povnello
2 years, 5 months ago
From my experience, to configure OAuth federated authentication you need to configure it from the app registration blade and not from enterprise applications. So for me the answer is wrong.
upvoted 1 times
cbounds
2 years, 6 months ago
If the application uses OAuth then it's an application registration. Enterprise applications are used to configure SAML applications.
upvoted 1 times
J4U
2 years, 6 months ago
IMO, the question didn't ask anything about authorization (OAuth). "Connect to Service1 without being prompted for authentication" means they are asking to configure SSO using an enterprise application and OpenID for authentication.
upvoted 2 times
BaderJ
2 years, 6 months ago
Passed the exam today, 23/09/2021. This question came in the exam.
upvoted 2 times
Discuss4certi
2 years, 7 months ago
TL;DR: answers seem correct to me. From what I understand from the documentation, you need a service principal, which can be governed in the enterprise application section. For the second part you can use Conditional Access policies to check if the device is hybrid Azure AD joined in the grant section of the Conditional Access policy.
upvoted 4 times
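The two recommendations above (an enterprise application for SSO, a Conditional Access policy for the device restriction) can be implemented with Microsoft Graph PowerShell. The following is an added example, not code from this discussion or from Microsoft's documentation. It assumes the Microsoft.Graph module is installed, that the gallery app has already been added as an enterprise application named "Service1" (the name used in the question), and that the signed-in admin holds the Application.Read.All and Policy.ReadWrite.ConditionalAccess scopes. The device restriction follows penatuna's filter-for-devices approach (device.trustType -eq "AzureAD") rather than the "Require Hybrid Azure AD joined device" grant control, because that grant control is satisfied only by hybrid-joined devices, not by purely Azure AD-joined ones.

```powershell
# Added example: implement the two SC-300 recommendations with Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the Service1 gallery app has
# already been added as an enterprise application (hypothetical display name "Service1").

Connect-MgGraph -Scopes "Application.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Requirement 1: the enterprise application *is* the service principal for Service1.
# Look it up to confirm it exists and to obtain the appId the policy will target.
$sp = Get-MgServicePrincipal -Filter "displayName eq 'Service1'" | Select-Object -First 1
if (-not $sp) {
    throw "Service1 enterprise application not found; add it from the Azure AD gallery first."
}

# Requirement 2: allow Service1 only from Azure AD-joined devices.
# Filter mode "exclude" removes devices matching the rule from the policy's scope, so
# the block grant applies to every device that does NOT have trustType "AzureAD".
$policy = @{
    displayName   = "Service1 - allow only Azure AD joined devices"
    # Start in report-only mode and review the sign-in logs before switching to "enabled".
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All") }
        applications   = @{ includeApplications = @($sp.AppId) }
        clientAppTypes = @("all")
        devices        = @{
            deviceFilter = @{
                mode = "exclude"
                rule = 'device.trustType -eq "AzureAD"'
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Two points worth checking before enforcing: the policy is created in report-only state so that the "Report-only" tab of the sign-in logs shows which sign-ins would have been blocked, and the exclude-mode filter is deliberately used instead of include mode so that devices with no matching attribute (other trust types, or devices with no device object at all) remain in scope of the block.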