AZ-500 · Question #295
AZ-500 Question #295: Real Exam Question with Answer & Explanation
The correct answer is D: an app registration. To allow an application to interact with Azure Active Directory (Azure AD) and Microsoft Graph, you must first create an app registration for it.
Question
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?
Options
- Aa custom role-based access control (RBAC) role
- Ban external identity
- Can Azure AD Application Proxy
- Dan app registration
Explanation
To allow an application to interact with Azure Active Directory (Azure AD) and Microsoft Graph, you must first create an app registration for it.
Common mistakes.
- A. A custom role-based access control (RBAC) role is used to manage access to Azure resources, not to provide an application with an identity to access Azure AD via Microsoft Graph.
- B. An external identity refers to users from outside the organization, not the application's own identity within Azure AD.
- C. Azure AD Application Proxy provides secure remote access to on-premises web applications, and does not establish an application's identity for accessing Azure AD or Microsoft Graph.
Concept tested. Azure AD application registration, Microsoft Graph access
Reference. https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
Community Discussion
No community discussion yet for this question.