You are building an app that will use the Speech service.
You need to ensure that the app can authenticate to the service by using a Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra, token.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To authenticate the app to the Speech service using a Microsoft Azure Active Directory (Azure AD) token, two key actions are necessary. First, configuring a custom subdomain helps to ensure that the Speech service is properly associated with the Azure AD identity, which is crucial for the authentication process. Second, creating a private endpoint secures the communication between your app and the Speech service, reducing exposure to public internet and enhancing security. These steps are critical for enabling Azure AD token-based authentication and maintaining secure access to the service.
https://learn.microsoft.com/en-us/azure/ai-services/speech-service/role-based-access-control#authentication-with-keys-and-tokens
The correct actions, according to Microsoft's documentation, are: B. Configure a custom subdomain. Configuring a custom subdomain involves setting up a custom domain for your Speech service instance, which can help in integrating with Azure AD and managing authentication effectively. D. Create a private endpoint. Creating a private endpoint allows your app to securely connect to the Speech service without exposing it to the public internet, maintaining network security and compliance.
B and D are the best choices its obvious
To authenticate with Speech resource keys, all you need is the key and region. To authenticate with a Microsoft Entra token, the Speech resource must have a custom subdomain and use a private endpoint. The Speech service uses custom subdomains with private endpoints only.
https://learn.microsoft.com/en-us/azure/ai-services/speech-service/role-based-access-control#authentication-with-keys-and-tokens
To authenticate with a Microsoft Entra token, the Speech resource must have a custom subdomain and use a private endpoint. The Speech service uses custom subdomains with private endpoints only.
To authenticate with a Microsoft Entra token, the Speech resource must have a custom subdomain and use a private endpoint. The Speech service uses custom subdomains with private endpoints only.
Wrong again. It's frustrating.
correct answer : B and D https://learn.microsoft.com/en-us/azure/ai-services/speech-service/role-based-access-control#authentication-with-keys-and-tokens To authenticate with a Microsoft Entra token, the Speech resource must have a custom subdomain and use a private endpoint. The Speech service uses custom subdomains with private endpoints only.
B and D is the correct answer
The answer may not be so explicit and obvious, please memorize if you dont understand: B. Configure a custom subdomain - This is essential for enabling Azure AD authentication for Cognitive Services, as it allows the service to be associated with a specific Azure AD identity. E. Create a Conditional Access policy - This enhances security by defining conditions under which users or services can authenticate and access resources, aligning with the requirement to use Azure AD tokens for authentication. These steps are critical for setting up Azure AD authentication, ensuring secure and compliant access to the Azure Speech Service within your application.
Options A, B, and C are not directly related to Azure AD token authentication for the Speech service. Option A (enabling a virtual network service endpoint) is about network connectivity, option B (configuring a custom subdomain) is unrelated to authentication, and option C (requesting an X.509 certificate) is not necessary for Azure AD token-based authentication. (DE)
BD. To authenticate with a Microsoft Entra token, the Speech resource must have a custom subdomain and use a private endpoint. The Speech service uses custom subdomains with private endpoints only.
B. Configure a custom subdomain: This is necessary because Azure AD authentication requires a custom domain for the Speech service. D. Create a private endpoint: This ensures secure communication between the app and the Speech service. These actions align with the best practices for securing Azure services and enable the app to use Azure AD tokens for authentication.
When you authenticate using Microsoft Entra ID (formerly Azure Active Directory) tokens, having a private endpoint along with a custom subdomain ensures full feature access. Without a private endpoint, some features may be limited. Specifically, if your Speech resource uses a Microsoft Entra token without a custom subdomain and private endpoint, you may encounter limitations, such as not being able to use custom speech models to transcribe audio files
B. Configure a custom subdomain: This is necessary when using Azure AD authentication with a private endpoint. However, it's also a requirement for using Azure AD authentication in general with the Speech service. C. Request an X.509 certificate: This is not needed for Azure AD token-based authentication. It's typically used for client certificate authentication. Hence, B is absolutely required. The others are optional.
B and D.