Developing Solutions for Microsoft Azure - Exam AZ-204

Configuring Authorization for Azure Web App in Azure AD

Question

Note: This question is part of a series of questions that present the same scenario.

Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it.

As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App.

Users will authenticate by using their Azure Active Directory (Azure AD) credentials.

You plan to assign users one of the following permission levels for the website: admin, normal, and reader.

A user's Azure AD group membership must be used to determine the permission level.

You need to configure authorization.

Solution: Configure the Azure Web App for the website to allow only authenticated requests and require Azure AD log on.

Does the solution meet the goal?

Answers


A. B.

B.

Instead, in the Azure AD application's manifest, set the value of the groupMembershipClaims option to All.

https://blogs.msdn.microsoft.com/waws/2017/03/13/azure-app-service-authentication-aad-groups/

The proposed solution is a good first step towards meeting the goal of assigning permission levels based on Azure AD group membership. By configuring the Azure Web App to allow only authenticated requests and require Azure AD log on, the website ensures that users are authenticated before they can access any content. This means that unauthorized access to the website is prevented, and only users who are authenticated through Azure AD can access it.

However, the solution does not fully address the requirement of assigning permission levels based on Azure AD group membership. While the proposed solution ensures that users are authenticated, it does not enforce any authorization rules to restrict access based on the user's assigned permission level.

To fully meet the goal, the website needs to implement additional authorization rules that restrict access to content based on the user's assigned permission level. This can be achieved by using Azure AD's group-based authorization features, where permissions can be assigned to specific Azure AD groups and users can be added to these groups to grant them access to the corresponding resources.

Therefore, the solution does not meet the goal entirely, and the correct answer would be B. No. Additional configuration is needed to implement the authorization rules that restrict access based on the user's assigned permission level.
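The missing authorization step, sketched as an added example (not part of the original explanation or of any Microsoft sample): once group claims are emitted, the app maps them to admin, normal or reader and denies everything else. It assumes App Service Authentication is enabled and forwards the signed-in user's claims in the `X-MS-CLIENT-PRINCIPAL` header (Base64-encoded JSON); the group object IDs and the helper names are hypothetical placeholders.

```python
import base64
import json

# Hypothetical placeholder group object IDs; replace with your tenant's groups.
GROUP_LEVELS = {
    "00000000-0000-0000-0000-0000000000a1": "admin",
    "00000000-0000-0000-0000-0000000000b2": "normal",
    "00000000-0000-0000-0000-0000000000c3": "reader",
}
RANK = {"reader": 1, "normal": 2, "admin": 3}


def permission_level(principal_header):
    """Return 'admin', 'normal' or 'reader' for the caller, or None to deny.

    principal_header is the raw X-MS-CLIENT-PRINCIPAL value. Only trust it
    when the app sits behind App Service Authentication (assumption here).
    """
    if not principal_header:
        return None  # unauthenticated request: deny
    try:
        principal = json.loads(base64.b64decode(principal_header, validate=True))
        levels = [
            GROUP_LEVELS[c["val"]]
            for c in principal["claims"]
            if c.get("typ") == "groups" and c.get("val") in GROUP_LEVELS
        ]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed header: fail closed
    # A user in several mapped groups gets the highest level; a user with no
    # mapped group (or no groups claim at all) is authenticated but denied.
    return max(levels, key=RANK.get, default=None)


def make_header(group_ids):
    """Build a constructed sample header for testing; not captured traffic."""
    claims = [{"typ": "name", "val": "Sample User"}]
    claims += [{"typ": "groups", "val": g} for g in group_ids]
    body = {"auth_typ": "aad", "claims": claims,
            "name_typ": "name", "role_typ": "roles"}
    return base64.b64encode(json.dumps(body).encode()).decode()


if __name__ == "__main__":
    admin_and_reader = make_header(list(GROUP_LEVELS)[::2])
    print(permission_level(admin_and_reader))   # highest mapped level wins
    print(permission_level(make_header([])))    # signed in, no groups: denied
```

A signed-in user with no mapped group gets `None`, which is exactly the case the proposed solution fails to distinguish: authentication succeeded, but no permission level applies.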