Manage Access Reviews for App1 in Microsoft Azure

Question

Your company purchases an app named App1.

You need to recommend a solution to ensure that App1 can read and modify access reviews.

What should you recommend?

Answers

Explanations

A. B. C. D.

B

The app must be registered. You can register the application in the Azure Active Directory admin center.

The Azure AD access reviews feature has an API in the Microsoft Graph endpoint.

You can register an Azure AD application and set it up for permissions to call the access reviews API in Graph.

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
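Once App1 is registered and consented for the access reviews API in Graph, an administrator can confirm what the app was actually granted by inspecting the claims of an access token issued to it. The following is an added example, not part of the original page or Microsoft's code: the `AccessReview.*` names are Microsoft Graph's access review permissions (not listed on this page), the tokens are constructed and unsigned, and all function names are hypothetical.

```python
import base64
import json

GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
READ = {"AccessReview.Read.All", "AccessReview.ReadWrite.All"}
MODIFY = {"AccessReview.ReadWrite.All"}

def token_claims(jwt):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def granted_permissions(claims):
    # App-only tokens carry application permissions in "roles" (a list);
    # delegated tokens carry scopes in "scp" (a space-separated string).
    return set(claims.get("roles") or []) | set((claims.get("scp") or "").split())

def access_review_capability(jwt):
    claims = token_claims(jwt)
    perms = granted_permissions(claims)
    return {
        "for_graph": claims.get("aud") in GRAPH_AUDIENCES,
        "can_read": bool(perms & READ),
        "can_modify": bool(perms & MODIFY),
        # Anything outside AccessReview.* is more than the requirement asks for.
        "extra": sorted(p for p in perms if not p.startswith("AccessReview.")),
    }

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo; not a real credential."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"

# Constructed samples: App1 with read/write consent, and with read-only plus an extra role.
APP1_RW = make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["AccessReview.ReadWrite.All"]})
APP1_RO = make_sample_token({"aud": "https://graph.microsoft.com",
                             "roles": ["AccessReview.Read.All", "Directory.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("APP1_RW", APP1_RW), ("APP1_RO", APP1_RO)):
        print(name, access_review_capability(tok))
```

The decoder does not validate the signature, so it is suitable for reviewing a grant but not for making an authorization decision.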

The question is asking for a recommendation to ensure that App1 can read and modify access reviews. Access reviews allow users to review and manage access to Azure AD resources, such as groups, apps, and roles, to ensure that the right people have the right access to resources.

Option A: From API Management services, publish the API of App1, and then delegate permissions to the Microsoft Graph API. This option is not the best recommendation because API Management services are typically used for managing APIs and exposing them to external users or internal developers. While App1 may have an API, it is not clear if this API is designed to manage access reviews. Delegating permissions to the Microsoft Graph API may be useful if App1 needs to interact with Microsoft Graph API, but it may not be relevant to managing access reviews.

Option B: From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions. This option is a good recommendation because it involves registering App1 in Azure AD and delegating permissions to it. Azure AD is the identity and access management solution for Azure, and it allows you to manage access to resources like App1. By registering App1 in Azure AD, you can assign roles and permissions to it, including the ability to manage access reviews. From the Access control (IAM) blade, you can delegate permissions to App1, which would allow it to read and modify access reviews.

Option C: From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API. This option is similar to option A, but instead of delegating permissions to Microsoft Graph API, it delegates permissions to App1. This is not the best recommendation because it does not specify what permissions should be delegated to App1. Additionally, it is not clear if App1 needs to interact with Microsoft Graph API.

Option D: From API Management services, publish the API of App1. From the Access control (IAM) blade, delegate permissions. This option is similar to option A, but instead of delegating permissions to Microsoft Graph API, it delegates permissions to App1. This is a better recommendation because it involves registering App1 in Azure AD and delegating permissions to it. From the Access control (IAM) blade, you can delegate permissions to App1, which would allow it to read and modify access reviews. However, it is not clear if App1 has an API that can be published using API Management services.

Therefore, the best recommendation to ensure that App1 can read and modify access reviews is option B: From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions.