Exam AZ-305 topic 1 question 32 discussion

Answer is C The app is single tenant authentication so users must be present in contoso directory. https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps With Azure AD B2B, external users authenticate to their home directory, but have a representation in your directory. https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users A is wrong because its to automate provisioning to third party SaaS app. https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works?source=recommendations B. is wrong because the application would need to switch to multi tenant.. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

C is correct https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users IF App1 is multi-tenant application, A might be correct since you can provision users from other tenant to App1 and configure App1 to SSO with other tenants.

C is correct

C. Use Azure AD entitlement management to govern external users. Explanation: Azure AD Entitlement Management: Facilitates collaboration with external users by automating the request and approval process for access to resources. Allows you to manage access packages that include the required permissions for external users, ensuring they can access App1. External users can use their existing credentials to sign in and access resources in the Contoso Azure AD tenant.

I would vote for C as per below Entitlement management uses Microsoft Entra business-to-business (B2B) to share access so you can collaborate with people outside your organization. With Microsoft Entra B2B, external users authenticate to their home directory, but have a representation in your directory. The representation in your directory enables the user to be assigned access to your resources. https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users

c is correct

ChatGPT response summary: ----------------------------------------------- Enabling users from the fabrikam.com Azure AD tenant to access App1, currently limited to contoso.com users, requires configuring Azure AD authentication to accommodate both tenants. While Option C, "Azure AD entitlement management," focuses on access governance and user lifecycle management, it doesn't directly address cross-tenant authentication needs. Instead, Option A, utilizing the Azure AD provisioning service, is recommended as it synchronizes users across Azure AD tenants, facilitating access to applications hosted in different tenants, making it a more suitable choice in this scenario.

The answer is Use Azure AD entitlement management to govern external users, Exam topic need to make a correction

Duplicated question. Same of question #35 and this has the correct answer "C"

The correct answer is C. Use Azure AD entitlement management to govern external users. Azure AD entitlement management is a feature that allows you to manage the access of external users to your organization's resources. You can use entitlement management to create access packages that define the resources that external users can access, the permissions they have to those resources, and the duration of their access.

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

C is the correct answer

Other answers do not allow the users to access the app.

Answer is C.

This question needs to be reviewed considering that it is the same question in Q. 35 with (C) as right answer. So I vote C as the right answer.

This is one company with two divisions; why would they need to use entitlement management and make them request access packages etc as though they were an external org? Why not just make App1 registration multi-tenant and make the app trust the 2 issuers (I know that's not an option)

C is the correct answer. I don't understand why A was proposed and upvoted. We are talking about a single-tenant app and therefore we need to establish B2B collaboration and use entitlements for external users as described here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b#customize-the-onboarding-experience-for-b2b-guest-users