Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your company runs several internal web applications on Azure App Service. You must allow thousands of external contractors to sign in to these apps by using their existing Google or Microsoft personal accounts. The solution must let you collect custom profile attributes during sign-up, support self-service password reset, and scale to millions of identities without you storing any credentials. Which authentication approach should you recommend?
Create a separate Azure Active Directory B2C tenant and configure social identity providers for the applications.
Deploy Azure AD Domain Services and enable LDAP authentication for the web applications.
Publish the applications through Azure AD Application Proxy and require Azure AD sign-in to the proxy endpoints.
Invite each contractor as a guest user by using Azure AD External Identities (B2B) and assign them to the applications.
Azure Active Directory B2C is intended for customer and partner-facing applications that need to support social or local accounts without the resource tenant managing passwords. It can federate with common social identity providers, capture custom attributes through user flows or custom policies, includes self-service password reset, and is built to scale to hundreds of millions of identities while Microsoft stores all credentials.
Azure AD External Identities (B2B) can also federate with social identities, but it is optimized for organization-to-organization collaboration and offers limited customization of the end-user sign-up journey compared with B2C. Azure AD Domain Services targets legacy domain-join and LDAP/Kerberos scenarios, not modern web authentication. Publishing apps through Azure AD Application Proxy would still require each external user to be represented in the tenant as a guest or member account. Therefore, creating an Azure AD B2C tenant and configuring social identity providers best satisfies all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Active Directory B2C?
Open an interactive chat with Bash
How does Azure AD B2C differ from Azure AD External Identities (B2B)?
Open an interactive chat with Bash
Why is Azure AD Domain Services (LDAP/Kerberos) not suitable for modern web applications?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .