Exam AZ-305 topic 1 question 35 discussion

Selected Answer: A This is exactly question 32, and in the 32 question the answer is A (what makes sense BTW). This is ridiculous.

Correct Application is single tenant so users must be in the same directory as the home tenant https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users Azure AD entitlement management uses Azure AD business-to-business (B2B) to share access so you can collaborate with people outside your organization. With Azure AD B2B, external users authenticate to their home directory, but have a representation in your directory. A is for populated users to SaaS applications (third party like Dropbox or Salesforce), but the users must first be in the directory....

I used to think the answer was A until I read this There are three ways that entitlement management lets you specify the users that form a connected organization. It could be - users in another Azure AD directory (from any Microsoft cloud), - users in another non-Azure AD directory that has been configured for direct federation, or - users in another non-Azure AD directory, whose email addresses all have the same domain name in common. So the answer should be C because of the first option of the three from the article https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-organization

C is correct

Same as Question 38. https://www.examtopics.com/discussions/microsoft/view/93994-exam-az-305-topic-1-question-38-discussion

C is the answer. C is the answer. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview#what-can-i-do-with-entitlement-management Here are some of capabilities of entitlement management: - Select connected organizations whose users can request access. When a user who isn't yet in your directory requests access, and is approved, they're automatically invited into your directory and assigned access. When their access expires, if they have no other access package assignments, their B2B account in your directory can be automatically removed.

CORRECT ANSWER

C. Use Azure AD entitlement management to govern external users.

Correct. B2B functionality between the Two azure ad tenants. i.e user logs authenticates to their tenant, which is then provided access to the application tenant. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

Option C - Entitlement Management is the right answer. Refer the Recommendation section on below link for more details. " For projects with one or more business partners, Create and use access packages to onboard and provision those partner’s users access to resources." https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/6-secure-access-entitlement-managment Option A - Access provision looks suitable option, but its not right answer to the scenarios. Access provision suitable for apps that maintains its own password store. Refer App provisioning section in below link for the clarity https://learn.microsoft.com/en-us/azure/active-directory/governance/what-is-provisioning

The answer C is no longer valid. Had this one on my exam today and it had different options Don't recall what the correct answer was

"App1 uses Azure AD for single-tenant user authentication" - SINGLE-TENANT So A is incorrect. C is the correct answer: https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

isn't that supposed to be Azure AD provisioning service?