
AZ-304 Exam - Question 31


HOTSPOT -

You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.

App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.

You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

Hot Area:

Correct Answer:

Box 1: An Azure AD app registration

Azure Active Directory (Azure AD) provides cloud-based directory and identity management services. You can use Azure AD to manage the users of your application and to authenticate access to your applications.

You register your application with an Azure Active Directory tenant.

Box 2: A conditional access policy

Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action.

By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.


Reference:

https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
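The if-then shape described for Box 2, as an added example (not part of the original answer): a Microsoft Graph `conditionalAccessPolicy` request body that blocks App1 for every device except those that are Azure AD joined and company-owned. The all-zero application ID is a placeholder for App1's app registration, the display name is made up, and the policy is left in report-only state so its effect can be reviewed in the sign-in logs before it is enforced.

```json
{
  "displayName": "EXAMPLE - App1: block devices that are not company-owned and Azure AD joined",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"]
    },
    "applications": {
      "includeApplications": ["00000000-0000-0000-0000-000000000000"]
    },
    "clientAppTypes": ["all"],
    "devices": {
      "deviceFilter": {
        "mode": "exclude",
        "rule": "device.trustType -eq \"AzureAD\" -and device.deviceOwnership -eq \"Company\""
      }
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["block"]
  }
}
```

The device filter in `exclude` mode exempts matching devices from the block, so a sign-in from a personal or unregistered device falls under the policy and is denied once `state` is switched to `enabled`.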

Discussion

mmmore
Dec 3, 2020

Seems correct.

glam
Jan 24, 2021

Box 1: An Azure AD app registration Box 2: A conditional access policy

hertino
Apr 9, 2022

In AZ-305 exam, 9 April 22

Tidopuddy
Mar 10, 2021

Box 1. App Proxy Box 2. Conditional access policy

youlitai003
Apr 6, 2021

"Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications." https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy App1 is an Az Web APP.

zipstore
Apr 12, 2021

No on-premise AD involved, only Azure AD.

DragonsGav
Jun 29, 2021

Application proxy is only for apps which are on-prem and you want to publish them so users do not require VPN. Question is for a Web App configured in Azure, not an application hosted in a company DC.

lowczy
Jul 13, 2021

This question appeared in real exam.

milind8451
Jan 21, 2021

Right ans.

[Removed]
Feb 21, 2021

How will app registration with AD ensure the user can connect without being prompted for authentication?

Said_kram
May 10, 2021

We can set up authentication (SSO) in app registration.

mshad
Jun 25, 2021

I also had the same question

pentium75
Aug 18, 2021

The users are using Windows 10 on domain-joined computers, thus the users are already authenticated to Azure AD. When you configure the App for SSO with Azure AD, users are logged in automatically "without being prompted for authentication [another time]".

syu31svc
Oct 2, 2021

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client.
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
1st drop-down is app registration.
"access App1 only from company-owned computers" -> this would be conditional access.

examineezer
Dec 18, 2021

It isn't an on-premises web application.

Ganesh_k
Mar 11, 2021

Ans should be Managed identity and Conditional access https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet

j888
Mar 17, 2021

I believed managed Identity is to give permission to the application itself to access other resources. Meanwhile, the Azure AD app registration is to allow the authenticated user on Azure AD to sign in to the registered application. So the answer itself is correct.

teyol51117
Apr 1, 2022

On exam 31.03.2022

ReginaldoBarreto
Apr 21, 2021

https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#:~:text=Create%20an%20application%20registration%201%20Create%20an%20application,the%20options%20and%20click%20on%20Add%20permissions.%20 "After consenting to use their Dataverse account with the ISV's application, end users can connect to Dataverse environment from external application. The consent form is not displayed again to other users after the first user who has already consented to use the ISV's app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV's app."

ruckii
Jun 12, 2021

Only from company-owned computers. If we go with app registration, will this be fulfilled?

DragonsGav
Jun 29, 2021

App Registration - Register the Application - Configure SSO. Conditional Access will make sure only domain-joined computers are allowed.

pentium75
Aug 18, 2021

The app "will use Azure Active Directory (Azure AD) authentication" - and it will do that because you register it as an app in AAD and configure SSO. Once it's registered in AAD, you can use Conditional Access policies to configure options for this specific app - and here you can specify that computers must be domain-joined.

red_vix
Jul 30, 2021

very good

plmmsg
Mar 9, 2022

App registration Conditional access policy

Pinkee888
Apr 13, 2022

Presented answer is correct. Register the app uses key vault for authentication, no longer prompts for authentication and restrict access exclusive to company supplied computers through conditional access policy.

AberdeenAngus
Jul 6, 2022

"Register the app uses key vault for authentication, no longer prompts for authentication"?? Anyone know a doc which supports this?

Snownoodles
Oct 8, 2022

Azure joined devices can "SSO to both cloud and on-premises resources" https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join