Retrieve Security Tokens for Azure Applications | Microsoft Exam AZ-900

Connectivity for Retrieving Security Tokens


Question

To what should an application connect to retrieve security tokens?

Answers

Explanations


A. B. C. D.

B

Azure AD authenticates users and provides access tokens. An access token is a security token that is issued by an authorization server. It contains information about the user and the app for which the token is intended, which can be used to access Web APIs and other protected resources.

Instead of creating apps that each maintain their own username and password information, which incurs a high administrative burden when you need to add or remove users across multiple apps, apps can delegate that responsibility to a centralized identity provider.

Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. Delegating authentication and authorization to it enables scenarios such as Conditional Access policies that require a user to be in a specific location, the use of multi-factor authentication, and letting a user sign in once and then be automatically signed in to all of the web apps that share the same centralized directory. This last capability is referred to as Single Sign On (SSO).

https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

The correct answer is B. Azure Active Directory (Azure AD).

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It is used by applications to authenticate and authorize users to access resources and services in Azure and other Microsoft services such as Office 365, Dynamics 365, and Microsoft Intune.

When an application needs to retrieve security tokens, it should connect to Azure AD. Azure AD issues security tokens, such as OAuth2 access tokens, OpenID Connect ID tokens, and SAML tokens, to users and applications after they have been authenticated. These tokens are used to access Azure resources and other Microsoft services.

Azure Storage Account is a service in Azure that provides scalable, secure, and highly available storage for data objects. It is not the right service for retrieving security tokens.

A certificate store is a location in Windows where digital certificates are stored. Certificates are used to authenticate users and secure connections. However, a certificate store does not issue security tokens.

Azure Key Vault is a service in Azure that provides secure storage for secrets, such as passwords, cryptographic keys, and certificates. It is not the right service for retrieving security tokens.
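The following added example (not part of the original page) shows what "connecting to Azure AD to retrieve a token" looks like for an app using the OAuth2 client-credentials grant against the v2.0 token endpoint, and how the returned token names the app it is intended for in its `aud` claim. The tenant ID, audience URI, function names and sample token are constructed placeholders; the request is built but not sent.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder identifiers (assumptions, not values from the page).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
API_AUDIENCE = "api://11111111-1111-1111-1111-111111111111"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


def build_token_request(tenant_id, client_id, client_secret, scope):
    """Build (without sending) a client-credentials request to Azure AD."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": scope}
    data = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=data, method="POST")


def b64url_decode(segment):
    """Decode unpadded base64url, as used in JWT segments."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(jwt):
    """Decode JWT claims for inspection only; this does NOT verify the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-segment compact JWT")
    return json.loads(b64url_decode(parts[1]))


def issued_for(jwt, issuer, audience):
    """Check that the token names the expected issuer and intended app (aud)."""
    claims = read_claims(jwt)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return claims.get("iss") == issuer and audience in audiences


def make_constructed_jwt(claims):
    """Constructed sample token with a placeholder signature (not a real one)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    token = make_constructed_jwt({"iss": ISSUER, "aud": API_AUDIENCE})
    print(issued_for(token, ISSUER, API_AUDIENCE))
```

The claim check here is a sanity check on the calling side; a web API that accepts the token must also verify its signature against the signing keys Azure AD publishes before trusting any claim.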