Domain 1.4: Design identities and access for applications — AZ-305 Practice Question 15

How to approach this question

Determine how an external app authenticates to Entra ID (App Registration/Service Principal) and the most secure credential type (Certificates).

Full Answer

Register an application in Microsoft Entra ID to create a Service Principal, and Configure certificate-based authentication for the application.

Because the application is hosted outside of Azure (on AWS), you cannot use Azure Managed Identities. Instead, you must manually register the application in Microsoft Entra ID, which creates a Service Principal. To authenticate securely without using passwords (client secrets), you should configure certificate-based authentication. The external application will sign its token requests using the private key of the certificate.

Common mistakes

Selecting Managed Identity, forgetting that Managed Identities are an Azure-specific feature (unless using Azure Arc, which isn't mentioned here).

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1

More questions from this exam