Exam AZ-305
Question 55

DRAG DROP

You have two app registrations named App1 and App2 in Azure AD. App1 supports role-based access control (RBAC) and includes a role named Writer.

You need to ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim.

Which blade should you use to modify each app registration? To answer, drag the appropriate blades to the correct app registrations. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
Jay1111

App1: App Roles
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#app-roles-ui

App2: API Permissions
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#assign-app-roles-to-applications

NotMeAnyWay

1. App1: b. App roles
2. App2: c. Token configuration

This is assuming that the exam expects you to know that an application requesting a token (App2) would need to have the roles claim added via Token Configuration. While in practice, this is not the exact place to assign a role to an application, but given the choices provided, this would be the most appropriate. This is because token configuration does indeed impact the claims present in a token, and since no other suitable choice is available (API Permissions would not be used to assign a role to the application), it seems this would be the expected answer.

However, please note this is not entirely accurate based on the full capabilities of Azure AD, but it's the best choice given the options. Normally, you would assign the app role to the service principal of App2 in the context of Enterprise Applications, which is not an option here.

OrangeSG

Box 1: App roles
Box 2: Token configuration

To ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim:

1. In the Azure portal, navigate to Azure Active Directory > App registrations.
2. Select App1.
3. Under Manage, select App roles.
4. Select New app role.
5. In the Name field, enter Writer.
6. In the Description field, enter a description of the Writer role.
7. Select Create.
8. Select App2.
9. Under Manage, select Token configuration.
10. In the Issued token claims section, select Add claim.
11. In the Name field, enter roles.
12. In the Source field, select Application.
13. In the Value field, enter Writer.
14. Select Add.
15. Select Save.

Once you have completed these steps, when App2 authenticates to access App1, the tokens issued by Azure AD will include the Writer role claim.

Note: For native applications, such as App2, you cannot use the Manifest blade to add the Writer role claim. Instead, you must use the Token configuration blade.

TJ001

This is clear documentation explaining the scenarios: https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps ... which means for App2, Modify API Permissions looks like the right answer.

UWSFish

I'm going with this

JazzF

Passed the exam on 10-Jan-24. This question appeared on the exam. There were about 9 questions that came outside of this dump + the case study with 7 questions.

Felas

Of the 294, only 9 appeared?

bryant12138

I think he means the other way around? Only 9 questions did not come from here.

stonwall12

App 1: App Roles
This app is already configured with a custom role, which is defined under the "App Roles" section.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#app-roles-ui

App 2: API Permissions
To allow App 2 to authenticate to App1, it is necessary to assign the appropriate permissions. These can be configured under "API Permissions".
Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps

_invalid_nickname

Got this on Aug 5th, 2023.

Exams_Prep_2021

Got this on Sept. 29, 2023

Rajkumar082021

App roles, API permissions

23169fd

App1: App roles: Define the Writer role that will be used by App2.
App2: API permissions: Grant permission for App2 to access App1.

23169fd

To ensure that App2 can authenticate to access App1 and the tokens issued include the Writer role claim, you should configure: API permissions

Explanation:

API permissions:
Purpose: Grant App2 the necessary permissions to call App1.
Action: Assign permissions to App2 to access App1, ensuring that App2 can request tokens that include the necessary role claims.
Details: Navigate to App2's Azure AD registration. Go to "API permissions" and add permissions for App1, ensuring App2 can access App1 and receive tokens with the Writer role claim.

tatacsi

I was confused for a while, then I found this at https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview :

"Note: Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI)."

FYI

Debosree

For App2, it's API Permission. Select My API. Find App1 and assign the permission to that writer role configured under App1.

ssergio25

In plain English: Different users might have different access levels to App1. In order to give writer access, you need to declare that in the App registration setting App Roles (App1 can give writer access). Meanwhile, App 2 needs to ensure that when a token is given to it, such write access is included in the token itself (Token Configuration blade).

Paul_white

To ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim, you should use the following blades in Azure AD:

For App2:
- API permissions blade: Here, you can add the necessary permissions to access App1. Make sure to grant the "Writer" role permission for App1.

Remember to click on "Grant admin consent for {your directory}" after adding the necessary permissions. This ensures that the permissions are granted tenant-wide and the tokens issued by Azure AD will include the necessary claims.

husam421

2- API permissions

Grant admin consent

Because these are application permissions, not delegated permissions, an admin must grant consent to use the app roles assigned to the application. In the app registration's API permissions pane, select Grant admin consent for <tenant name>.
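
Added example, not part of the thread or of Microsoft's code: the check App1's API would make on the `roles` claim when a token presented by App2 reaches it. The audience URI, client ID and the Reader role are constructed placeholders, and rejecting tokens that carry `scp` is an assumed policy for an endpoint that only takes application calls.

```python
# Added example. Claims are assumed to come from an access token whose
# signature, issuer and expiry a JWT library has already validated.

APP1_AUDIENCE = "api://app1.example"                      # constructed App ID URI
APP2_CLIENT_ID = "00000000-0000-0000-0000-0000000000a2"   # constructed client ID


def check_app_role(claims, required_role, audience=APP1_AUDIENCE,
                   allowed_clients=(APP2_CLIENT_ID,)):
    """Return (allowed, reason) for an app-only call to App1."""
    if claims.get("aud") != audience:
        return False, "token was issued for a different resource"
    if "scp" in claims:
        # Assumed policy: this endpoint accepts application tokens only.
        return False, "delegated (user) token, not an application token"
    caller = claims.get("azp") or claims.get("appid")  # v2.0 / v1.0 client ID
    if caller not in allowed_clients:
        return False, "calling application is not expected"
    roles = claims.get("roles")
    if not isinstance(roles, list):
        # Seen when no app role was assigned to the caller or consent is missing.
        return False, "no roles claim in the token"
    if required_role not in roles:
        return False, "required role is missing from the roles claim"
    return True, "ok"


# Constructed sample claim sets (not real tokens).
SAMPLES = {
    "granted": {"aud": APP1_AUDIENCE, "azp": APP2_CLIENT_ID, "roles": ["Writer"]},
    "not_assigned": {"aud": APP1_AUDIENCE, "azp": APP2_CLIENT_ID},
    "wrong_role": {"aud": APP1_AUDIENCE, "azp": APP2_CLIENT_ID, "roles": ["Reader"]},
    "wrong_audience": {"aud": "api://other.example", "azp": APP2_CLIENT_ID,
                       "roles": ["Writer"]},
    "user_token": {"aud": APP1_AUDIENCE, "azp": APP2_CLIENT_ID,
                   "scp": "access_as_user", "roles": ["Writer"]},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(name, check_app_role(claims, "Writer"))
```

A token that passes audience and client checks but has no `roles` claim is the symptom to look for when the role assignment or admin consent on the calling app is incomplete.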