ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 1 question 6 discussion

Actual exam question from Microsoft's AZ-305
Question #: 6
Topic #: 1
[All AZ-305 Questions]

HOTSPOT -
You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: An Azure AD app registration
Azure active directory (AD) provides cloud based directory and identity management services.You can use azure AD to manage users of your application and authenticate access to your applications using azure active directory.
You register your application with Azure active directory tenant.
Box 2: A conditional access policy
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.
By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.
Reference:
https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/ https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
by kenobiD at Dec. 9, 2021, 5:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Tyler2021
Highly Voted 5 months, 2 weeks ago
The given answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-application-management
upvoted 48 times
...
stonwall12
Highly Voted 5 months, 2 weeks ago
Correct Answer - 1: Azure AD app registration - Azure AD app registration is essential to integrate the web application (App1) with Azure AD. By doing this, you can leverage Azure AD's authentication mechanisms, including SSO. Once App1 is registered in Azure AD and configured for SSO, users who are already signed in to their Azure AD account can access the application without being prompted for authentication again. https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals?tabs=browser Correct Answer - 2: Conditional Access policy - Azure AD Conditional Access policies allow you to define and enforce specific conditions under which users can access applications. In this scenario, you can create a Conditional Access policy that specifies that App1 can only be accessed from devices that are Azure. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
upvoted 9 times
...
[Removed]
Most Recent 3 months, 3 weeks ago
CORRECT
upvoted 1 times
...
zellck
5 months, 2 weeks ago
1. Azure AD app registration 2. Conditional Access policy https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#application-registration To delegate identity and access management functions to Azure AD, an application must be registered with an Azure AD tenant. When you register your application with Azure AD, you're creating an identity configuration for your application that allows it to integrate with Azure AD. When you register an app in the Azure portal, you choose whether it's a single tenant, or multi-tenant, and can optionally set a redirect URI.
upvoted 4 times
...
AlexandrVavilov
1 year, 3 months ago
https://learn.microsoft.com/en-us/entra/identity/devices/concept-primary-refresh-token#how-are-app-tokens-and-browser-cookies-protected
upvoted 1 times
...
flash007
1 year, 6 months ago
conditional access is used for access only when the condirtions are satisfied
upvoted 2 times
...
prabhakar33888
1 year, 7 months ago
The given answer is correct.
upvoted 1 times
...
ZUMY
1 year, 11 months ago
Given answer is correct
upvoted 1 times
...
jj22222
2 years ago
AD App Registration Conditional access policy
upvoted 1 times
...
OPT_001122
2 years, 1 month ago
Box 1: An Azure AD app registration Box 2: A conditional access policy
upvoted 2 times
OPT_001122
2 years ago
Remember that users can only access from company machines
upvoted 1 times
...
...
jj22222
2 years, 1 month ago
app registration and conditional access policy
upvoted 2 times
...
Bummer_boy
2 years, 1 month ago
App should be registered with AD and appropriate condition policy should be introduced to allow company-owned devices only
upvoted 1 times
...
Yazn
2 years, 4 months ago
The problem with app registration choice is the requirement "Without being prompted for authentication". Azure app registration will always prompt you is you are not already logged in and doesn't support integrated windows authentication. On the other hand, the application proxy supports integrated windows authentication, hence you can login without being prompted. I'm not sure but that is my reasoning.
upvoted 1 times
C_M_M
1 year, 10 months ago
The app1 uses Azure AD authentication It will be accessed by users from the company These users will access it via computers Joined to Azure AD. Bearing in mind the above points, hence any user attempting to use the app 1 already logged on to their work computer using Azure AD. So the main question here is - If they want to proceed to sign into the app1, we do not need another prompt for sign in. The requirement is that they get automatically signed in to the app1, since they are logged into their work computers with their azure AD account. To achieve the above, you need to register the app1 with azure AD to utilize SSO. In other words, Azure app registration won't prompt these users for authentication because they are logged on from a joined work computer. I hope this helps!
upvoted 4 times
C_M_M
1 year, 10 months ago
Application proxy, on the other hand, is when you want users outside your on-premise to access your app using azure SSO. That doesn't fit into this scenario. Here your users are on-premise, they don't need a proxy.
upvoted 1 times
...
...
r3verse
2 years, 3 months ago
Nowhere it's sying 'integrated windows authentication', please read https://learn.microsoft.com/en-us/azure/active-directory/authentication/overview-authentication .
upvoted 1 times
...
...
Gor
2 years, 9 months ago
App registration needed for SSO/identity Conditional Access policy needed for only allowing company-owned devices
upvoted 1 times
...
Justin0020
3 years ago
App registration needed for SSO/identity Conditional Access policy needed for only allowing company-owned devices
upvoted 4 times
...
kenobiD
3 years, 2 months ago
Azure AD Proxy supports SSO, I would of used that with conditional access https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-sso-how-to
upvoted 1 times
CLToh
2 years, 4 months ago
AD application proxy is used to access on premises web applications and this question is using Azure webapp thus on relevant.
upvoted 2 times
...
someguys
3 years, 2 months ago
But why would you proxy the traffic? Azure AD proxy is for publishing on-prem web applications, not Azure web apps. https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy Easiest way is to create an app registration and conditional access policy.
upvoted 17 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago