
DP-420 Exam - Question 125


You have an Azure Cosmos DB account named account1.

You have several apps that connect to account1 by using the account's secondary key.

You then configure the apps to authenticate by using service principals.

You need to ensure that account1 will only allow apps to connect by using an Azure AD identity.

Which account property should you modify?

Correct Answer: B

To ensure that an Azure Cosmos DB account only allows apps to connect using an Azure AD identity, you need to disable the use of local authentication methods such as the account's primary or secondary key. This can be achieved by modifying the account property 'disableLocalAuth'. Setting this property to true will prevent local authentication and enforce the use of Azure AD identities for access.
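A way to check this property before deployment, as an added example that is not part of the original page: the script audits an ARM template for Cosmos DB accounts that still accept key-based authentication. The template contents, the account names other than account1, and the `disableKeys` parameter are constructed for illustration, and the template is assumed to use the array form of `resources`.

```python
import json

COSMOS_TYPE = "microsoft.documentdb/databaseaccounts"

# Constructed ARM template fragment (sample input, not from the page).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "account1",
     "properties": {"databaseAccountOfferType": "Standard"}},
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "account2",
     "properties": {"disableLocalAuth": true}},
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "account3",
     "properties": {"disableLocalAuth": "[parameters('disableKeys')]"}},
    {"type": "Microsoft.Resources/deployments", "name": "nested",
     "properties": {"template": {"resources": [
        {"type": "microsoft.documentdb/databaseAccounts", "name": "account4",
         "properties": {"disableLocalAuth": false}}]}}}
]}
""")

def classify(value):
    """Map a disableLocalAuth value to an audit verdict."""
    if value is True:
        return "aad-only"            # primary/secondary keys are rejected
    if isinstance(value, str) and value.startswith("["):
        return "unresolved"          # ARM expression, only known at deploy time
    return "keys-allowed"            # missing (defaults to false), false, or other

def iter_resources(template):
    """Yield every resource, descending into child and nested-deployment resources."""
    for res in template.get("resources", []):
        yield res
        yield from iter_resources(res)  # child resources declared inline
        nested = res.get("properties", {}).get("template")
        if isinstance(nested, dict):
            yield from iter_resources(nested)

def audit(template):
    """Return {account name: verdict} for each Cosmos DB account in the template."""
    return {
        res.get("name", "<unnamed>"): classify(res.get("properties", {}).get("disableLocalAuth"))
        for res in iter_resources(template)
        if res.get("type", "").lower() == COSMOS_TYPE
    }

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_TEMPLATE).items():
        print(f"{name}: {verdict}")
```

An account with the property omitted is reported as `keys-allowed` because `disableLocalAuth` defaults to false.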

Discussion

4 comments
azuredemo2022three (Option: B)
Jul 1, 2024

The most correct answer in this case would be B. disableLocalAuth.

[Removed] (Option: B)
Aug 28, 2024

https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#disable-local-auth

azuredemo2022three (Option: C)
Jul 1, 2024

The correct answer is C. userAssignedIdentities. To ensure that account1 only allows apps to connect by using an Azure AD identity, you need to modify the userAssignedIdentities property of the Azure Cosmos DB account. This property is used to specify the Azure AD identities (service principals) that are allowed to access the account. By assigning a user-assigned identity to the userAssignedIdentities property, you can configure the apps to authenticate using that identity, which will enable them to connect to the Azure Cosmos DB account. This ensures that only the specified Azure AD identities are allowed to access the account, providing a more secure authentication mechanism compared to using the secondary key. Therefore, the correct answer is C. userAssignedIdentities.

azuredemo2022three
Jul 1, 2024

Ignore my previous answer. Setting the disableLocalAuth property to true ensures that local authentication, such as using the secondary key, is disabled for the Azure Cosmos DB account. This means that only Azure AD identities (service principals) will be able to authenticate and access the account. On the other hand, the userAssignedIdentities property is used to specify the Azure AD identities that are allowed to access the account. While it can also be used to enforce authentication through Azure AD, it requires you to assign and manage user-assigned identities explicitly. In the context of the given scenario, if you want to ensure that only Azure AD identities can connect to the account, the most direct and effective option would be to disable local authentication by setting disableLocalAuth to true. Therefore, the most correct answer in this case would be B. disableLocalAuth.

WimTS (Option: B)
Apr 16, 2025

https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/security/how-to-disable-key-based-authentication?tabs=csharp&pivots=azure-interface-cli