Scenarios - Build

Question 1

A tenant represents an …

Answer 1

organisation

Question 2

To build apps that use the Microsoft Identity platform for identity and access management, you need access to an …

Answer 2

Azure Active Directory (Azure AD) tenant

Question 3

What is the URL for the Microsoft Entra admin centre?

Answer 3

https://entra.microsoft.com

Question 4

In the MS Entra admin centre where can I see the Tenant ID?

Answer 4

1. Hover over the user profile
2. Identity –> Overview

Question 5

What does the acronym IAM stand for?

Answer 5

Identity and Access Management

Question 6

To create a new tenant

Answer 6

1. Sign in to the Azure portal
2. Select Azure Active Directory
3. Select Manage tenants
4. Create
5. Choose the type of tenant: Workforce or Customer
6. Select Next: Configuration
7. Fill out the Configuration fields
8. Next: Review and Create

Question 7

When you create a new tenant, you become the … of that tenant and are assigned the ….. role

Answer 7

1. First user
2. Global Administrator

Question 8

What Azure AD roles include permissions to manage applications?

Answer 8

• Application administrator
• Application developer
• Cloud application administrator

Question 9

How do I register an application in Azure AD?

Answer 9

1. Sign into the Azure portal
2. If required, switch tenants
3. Search for an select Azure Active Directory
4. Under Manage, select App registrations > New registration
5. Enter the display Name for the application
6. Specify the sign-in audience
7. Enter the Redirect URI (optional)
8. Select Register to complete the initial app registration

Question 10

What is the value that uniquely identities your application in the Microsoft Identity Platform

Answer 10

Application (client) ID

Question 11

Are new app registrations visible to users by default?

Answer 11

No, they are hidden. To enable the app navigate to Azure Active Directory > Enterprise applications and select the App. Then on the properties page toggle Visible to users to Yes.

Question 12

Where can a user see the available applications?

Answer 12

myapps.microsoft.com

Question 13

During development what is an example of redirect URI you might use where you run your app locally?

Answer 13

https://127.0.0.1/auth-response
https://localhost/auth-response

Question 14

How do you configure platform settings for an application?

Answer 14

1. In the Azure portal, in App registrations, select your application
2. Under Manage, select Authentication
3. Under Platform configurations, select Add a platform
4. Under Configure platforms, select the tile for the application type (platform) to configure it’s settings
5. Select Configure

Question 15

You cannot use the Redirect URIs text box to set http://127.0.0.1 as the redirect URL. How can this be done?

Answer 15

Modify the replyUrlsWithType attribute in the application manifest.

...
    "replyUrlsWithType": [
        {
            "url": "http://127.0.0.1/auth-response",
            "type": "Web"
        }
    ],
...

Question 16

What type of app registrations need credentials?

Answer 16

Confidential client applications that access a web API such as web apps, other web APIs, or service-type and daemon-type applications.

Question 17

What are the 3 credential types?

Answer 17

1. Certificate (recommended)
2. Client secret
3. Federated credential

Question 18

What do you need to configure to expose your resource application web APIs to client applications?

Answer 18

Expose access scopes and roles for your API

Question 19

What do you need to configure if you want a client application to access a web API

Answer 19

Grant permission for the client application to access the API in the app registration

Question 20

What is a common scope naming convention?

Answer 20

resource.operation.constraint