You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment.
What should you include in the recommendation?
Click on the arrows to vote for the correct answer
A. B. C. D.C
Azure Filessupports identity-based authentication over Server Message Block (SMB) throughtwo types of Domain Services: on-premises Active Directory Domain
Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enableTo provide users with access to shared files stored in Azure Storage, you can use Azure Files, which is a fully managed file share service in Azure that allows you to access files via the industry-standard Server Message Block (SMB) protocol or Network File System (NFS) protocol.
To ensure that users are granted the appropriate levels of access to different Azure file shares based on their user account or group membership, you need to integrate Azure Files with Azure Active Directory (Azure AD), which is a cloud-based identity and access management service provided by Microsoft.
In this case, you need to use Azure AD to manage the access controls for your Azure file shares. You can do this by creating security groups in Azure AD and then assigning permissions to those groups for specific Azure file shares. You can also assign individual users to Azure file shares.
Therefore, the recommended additional Azure service to support the planned deployment is an Azure AD enterprise application (option A). This application will allow you to grant permissions to the appropriate Azure file shares to the necessary users or groups, using Azure AD security groups.
Azure Information Protection (option B) is a service that helps you classify and protect your sensitive data, but it is not required to support the planned deployment.
Azure AD Domain Services (Azure AD DS) (option C) is a managed domain service that provides domain join, group policy, LDAP, and Kerberos/NTLM authentication. It is used to support legacy applications that require domain services, but it is not required to support the planned deployment.
Azure Front Door (option D) is a service that provides global load balancing and intelligent delivery of HTTP/HTTPS traffic to your applications. It is not required to support the planned deployment.