Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Contoso Ltd. is building a SaaS web app on Azure App Service. The app will be used by Contoso employees in the contoso.com Azure AD tenant and by users from customer organizations that want to sign in with their own Azure AD tenants. Contoso administrators must apply identical Conditional Access and MFA policies to all sign-ins, while customer organizations remain responsible for creating, deleting, and managing the credentials of their own users. Social identity providers are not required. Which authentication approach should you recommend?
Configure Azure AD B2B collaboration, invite external users as guest accounts, and protect the App Service with Azure AD authentication.
Deploy a dedicated Azure AD B2C tenant and configure OpenID Connect federation with each customer tenant.
Register the application as multi-tenant in Azure AD and enable App Service Authentication without guest accounts.
Provision Azure AD Domain Services and join the App Service virtual network to the managed domain.
Azure AD B2B collaboration lets external users authenticate with their home Azure AD credentials while appearing as guest accounts in the Contoso tenant. Because the guests exist in Contoso's directory, the same Conditional Access and MFA policies that protect employees can be applied to the guests when they access the App Service. The customer organizations still manage the identities themselves, as credentials and lifecycle remain in the home tenant.
Azure AD B2C is aimed at consumer-facing scenarios and would create a separate directory that Contoso would have to manage and secure independently, making it harder to apply the same Conditional Access policies. Registering the application as multi-tenant without guests leaves policy enforcement to each customer's tenant, so Contoso could not guarantee consistent controls. Azure AD Domain Services is unrelated to web-based single sign-on and would not satisfy the requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure AD B2B collaboration?
Open an interactive chat with Bash
Why is Azure AD B2C not suitable for this scenario?
Open an interactive chat with Bash
How does Azure AD authentication work with App Service?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .