AZ-305 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-305 Exam - Question 12

DRAG DROP -

Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1.

You have a hybrid deployment of Azure Active Directory (Azure AD).

You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.

Which three features should you recommend be deployed and configured in sequence? To answer, move the appropriate features from the list of features to the answer area and arrange them in the correct order.

Select and Place:

Exam AZ-305 Question 12
Show Answer
Correct Answer:
Exam AZ-305 Question 12

Step 1: Azure AD Application Proxy

Start by enabling communication to Azure data centers to prepare your environment for Azure AD Application Proxy.

Step 2: an Azure AD enterprise application

Add an on-premises app to Azure AD.

Now that you've prepared your environment and installed a connector, you're ready to add on-premises applications to Azure AD.

1. Sign in as an administrator in the Azure portal.

2. In the left navigation panel, select Azure Active Directory.

3. Select Enterprise applications, and then select New application.

4. Etc.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

Discussion

25 comments
Sign in to comment
Eltooth
Dec 10, 2021

Answer is correct.

FrancisFerreira
Mar 27, 2022

Wait, Application Proxy is a feature of Enterprise Applications, so yeah, you would need to register an Enterprise Application before enabling an Application Proxy for it. While the items themselves are correct, I believe the order should be: 1. Enterprise Application 2. Application Proxy 3. Conditional Access

ninjaTT
Apr 10, 2022

If you carefully follow the link provided by @RJM you will notice that first, you need to install and register a connector, later add an on-premises app to Azure AD by selecting Enterprise application --> New application. So the given answer is correct: 1. Application Proxy 2. Enterprise Application 3. Conditional Access

[Removed]
Sep 15, 2022

That's for the connector, not Application Proxy itself. Enterprise Application must be the first.

JDKJDKJDK
Sep 16, 2022

I think ninjaTT is right. according to this page first you install a connector from the Application Proxy blade, and then you add the onprem app via Enterprise Application https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

JDKJDKJDK
Sep 16, 2022

I think ninjaTT is right. according to this page first you install a connector from the Application Proxy blade, and then you add the onprem app via Enterprise Application https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

EnricVives
Oct 29, 2023

Totally correct

[Removed]
Sep 15, 2022

That's for the connector, not Application Proxy itself. Enterprise Application must be the first.

JDKJDKJDK
Sep 16, 2022

I think ninjaTT is right. according to this page first you install a connector from the Application Proxy blade, and then you add the onprem app via Enterprise Application https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

JDKJDKJDK
Sep 16, 2022

I think ninjaTT is right. according to this page first you install a connector from the Application Proxy blade, and then you add the onprem app via Enterprise Application https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

TJ001
Apr 5, 2023

Absolutely.. create proxy first then only Enterprise can be created for that proxy...correct answers given.

EnricVives
Oct 29, 2023

Totally correct

photon99
Feb 28, 2024

Correct as per : https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy-add-on-premises-application#add-an-on-premises-app-to-microsoft-entra-id

Gor
May 23, 2022

Answer is correct. 1. Application Proxy 2. Enterprise Application 3. Conditional Access https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

AymanGad
Jul 30, 2024

where are you mlantonis?

DeBoer
Feb 12, 2023

that's one of those "it depends" question, I gues. Depends on what they mean by "deploying" a "feature" Of course you'd first need to set up AADProxy in general (install a connector and create a connector group) before being able to chose using it in an Enterprise App. However, if that's been done already, then you'd create the Enterprise App first and configure the AAD Proxy settings in it (second) ... Since they're not saying anything I'd assume we're talking about a new environment and needed to set up AADProxy first - and then create the Enterprise app. Obviously, the Enterprise app would need to exist before being able to secure it using CA Policies, so the third step is not a matter of discussion.

zellck
Feb 26, 2023

1. Azure AD App Proxy 2. Azure AD enterprise app 3. Conditional Access policy https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications. After a single sign-on to Azure AD, users can access both cloud and on-premises applications through an external URL or an internal application portal. Azure AD Application Proxy is: - Secure. On-premises applications can use Azure's authorization controls and security analytics. For example, on-premises applications can use Conditional Access and two-step verification. Application Proxy doesn't require you to open inbound connections through your firewall.

vijaypatelom
Mar 9, 2022

in sequence, I believe first enterprise application should be configure before application proxy can be configured

RJM
Mar 12, 2022

Proxy first is correct https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

FrancisFerreira
Mar 27, 2022

Sorry, where in that link they say Application Proxy comes before Enterprise Application? AFAIK, Application Proxy is a feature of Enterprise Applications, so yeah, you would need to register an Enterprise Application before enabling an Application Proxy for it. IMHO, the given order is incorrect.

r3verse
Nov 17, 2022

Application Proxy is essentially a configuration of an Azure AD Application Registration , as you can see here for the Graph API setup: https://learn.microsoft.com/en-us/graph/application-proxy-configure-api?toc=%2Fazure%2Factive-directory%2Fapp-proxy%2Ftoc.json&bc=%2Fazure%2Factive-directory%2Fapp-proxy%2Fbreadcrumb%2Ftoc.json&tabs=http . If you set it up like this, in theory you dont need the Enterprise app to configure app proxy, just the App Registration (with app proxy configured). I think they want you to know that, to configure Conditional Access, you are required to have an Enterprise App (based on your App registration) to configure it, so i'm also leaning towards: 1. Application Proxy (basically an Application Registration) 2. Enterprise Application 3. Conditional Access

r3verse
Nov 17, 2022

Application Proxy is essentially a configuration of an Azure AD Application Registration , as you can see here for the Graph API setup: https://learn.microsoft.com/en-us/graph/application-proxy-configure-api?toc=%2Fazure%2Factive-directory%2Fapp-proxy%2Ftoc.json&bc=%2Fazure%2Factive-directory%2Fapp-proxy%2Fbreadcrumb%2Ftoc.json&tabs=http . If you set it up like this, in theory you dont need the Enterprise app to configure app proxy, just the App Registration (with app proxy configured). I think they want you to know that, to configure Conditional Access, you are required to have an Enterprise App (based on your App registration) to configure it, so i'm also leaning towards: 1. Application Proxy (basically an Application Registration) 2. Enterprise Application 3. Conditional Access

FrancisFerreira
Mar 27, 2022

Sorry, where in that link they say Application Proxy comes before Enterprise Application? AFAIK, Application Proxy is a feature of Enterprise Applications, so yeah, you would need to register an Enterprise Application before enabling an Application Proxy for it. IMHO, the given order is incorrect.

r3verse
Nov 17, 2022

Application Proxy is essentially a configuration of an Azure AD Application Registration , as you can see here for the Graph API setup: https://learn.microsoft.com/en-us/graph/application-proxy-configure-api?toc=%2Fazure%2Factive-directory%2Fapp-proxy%2Ftoc.json&bc=%2Fazure%2Factive-directory%2Fapp-proxy%2Fbreadcrumb%2Ftoc.json&tabs=http . If you set it up like this, in theory you dont need the Enterprise app to configure app proxy, just the App Registration (with app proxy configured). I think they want you to know that, to configure Conditional Access, you are required to have an Enterprise App (based on your App registration) to configure it, so i'm also leaning towards: 1. Application Proxy (basically an Application Registration) 2. Enterprise Application 3. Conditional Access

r3verse
Nov 17, 2022

Application Proxy is essentially a configuration of an Azure AD Application Registration , as you can see here for the Graph API setup: https://learn.microsoft.com/en-us/graph/application-proxy-configure-api?toc=%2Fazure%2Factive-directory%2Fapp-proxy%2Ftoc.json&bc=%2Fazure%2Factive-directory%2Fapp-proxy%2Fbreadcrumb%2Ftoc.json&tabs=http . If you set it up like this, in theory you dont need the Enterprise app to configure app proxy, just the App Registration (with app proxy configured). I think they want you to know that, to configure Conditional Access, you are required to have an Enterprise App (based on your App registration) to configure it, so i'm also leaning towards: 1. Application Proxy (basically an Application Registration) 2. Enterprise Application 3. Conditional Access

JoshuaAlkar
Jan 26, 2023

it should be 1. Enterprise Application 2. Application Proxy 3. Conditional Access see the steps clearly on this Blog https://thesleepyadmins.com/2019/02/

TonySuccess
Jan 26, 2024

1.. Azure App Proxy: To publish your on-premises applications, such as App1, to be accessible from the cloud1. You need to install and register Application Proxy connectors on your on-premises network, and then publish App1 as an application in Azure AD 2.. Azure AD Ent Application: This is a representation of App1 in Azure AD that allows you to configure its identity, authentication, and authorization settings2. You need to create an enterprise application for App1 and assign users or groups that can access it3. You can also customize the branding and user experience of the sign-in page for App1 3.. CA Policy: This is a policy that defines the conditions under which users can access App1, and the actions that are required or blocked. You need to create a conditional access policy for App1 and enable Azure MFA as a grant control. You can also specify other conditions, such as user location, device state, or sign-in risk.

cheese929
May 16, 2022

Clearly stated in the link below. So the given answer is correct. 1. Application Proxy 2. Enterprise Application 3. Conditional Access https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

PeterHu
Jan 17, 2022

Answer is right

ServerBrain
Dec 27, 2022

Given answer is correct, as the url clearly explains the same steps..

OPT_001122
Jan 25, 2023

1. Application Proxy 2. Enterprise Application 3. Conditional Access Policy Given ans is correct (Pro App Pol)

jj22222
Feb 26, 2023

Ent App App Proxy Conditional Access

ZUMY
Mar 27, 2023

Given answers are correct

eli117
Apr 12, 2023

Azure AD Enterprise Application Azure AD Application Proxy Conditional Access Policy

523db89
Apr 16, 2025

This sequence ensures App1 is reachable over the internet via Application Proxy App1 is integrated with Azure AD for authentication and MFA is enforced using Conditional Access.

Redimido
Feb 11, 2022

Yup, that's right!

makovec25
Feb 14, 2022

correct

OrangeSG
Dec 14, 2022

Answer is correct. Steps: 1. Opens ports for outbound traffic and allows access to specific URLs 2. Installs the connector on your Windows server, and registers it with Application Proxy 3. Verifies the connector installed and registered correctly 4. Adds an on-premises application to your Azure AD tenant 5. Verifies a test user can sign on to the application by using an Azure AD account Reference Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

OPT_001122
Jan 25, 2023

Thanks all who have mentioned the exam dates

orionduo
Feb 8, 2023

The answer is correct.

23169fd
Jun 20, 2024

Given Answer is correct. Azure AD Application Proxy: This enables secure remote access to the on-premises web application (App1) through Azure AD. Azure AD Enterprise Application: This represents the App1 in Azure AD and allows you to configure settings like SSO and user assignments. Conditional Access Policy: This ensures that MFA is enforced when users sign in to App1, providing an additional layer of security.

Teerawee
Sep 15, 2024

1. Azure AD Application Proxy 2. Azure AD Enterprise Application 3. Conditional Access Policy

[Removed]
Nov 11, 2024

CORRECT