configure application registration in Azure AD

Practice Test

True or False: Azure Active Directory (Azure AD) provides a platform to manage and secure identity access for an application.

• True
• False

Answer: True.

Explanation: Azure AD provides identity management and access control capabilities for your cloud applications. You can securely sign in to your apps using Microsoft’s identity platform.

In the process of application registration in Azure AD, what should be the first step?

• a) Specify Redirect URI.
• b) Define basic application properties.
• c) Set the permissions required by the application.
• d) Enable an interactive workflow under ‘Authentication’.

Answer: b) Define basic application properties.

Explanation: The first step in application registration involves defining the basic properties of your application.

True or False: In Azure AD application registration, Redirect URIs are optional to add.

• True
• False

Answer: False.

Explanation: Redirect URIs are essential elements in application registration that specify the destinations to which the eventual tokens should be sent.

Which section of Azure AD application registration allows you to specify a Logout URL?

• a) Manifest
• b) Certificates and secrets
• c) Branding
• d) Authentication

Answer: d) Authentication.

Explanation: The ‘Authentication’ section in the Azure portal application registration page allows you to specify a Logout URL.

Multiple select: What can be included in “Define permissions of the application” step during Azure AD application registration?

• a) API permissions
• b) Key permissions
• c) Graph permissions
• d) Azure permissions

Answer: a) API permissions, c) Graph permissions.

Explanation: While defining the permissions for an app, you can specify the APIs it can work with, and whether it can read data, write data or have more extensive permissions.

True or False: Once you have registered an application in Azure AD, you cannot make changes to it.

• True
• False

Answer: False.

Explanation: You can make changes to your application at any time after its initial creation within the Azure portal.

Which section of Azure AD application registration contains “Application ID URI”?

• a) Expose an API
• b) Certificates and secrets
• c) Manifest
• d) API permissions

Answer: a) Expose an API.

Explanation: The ‘Expose an API’ section of application registration in the Azure portal is where you’ll find the “Application ID URI”.

True or False: Certificates and secrets generated in Azure AD do not have an expiration date.

• True
• False

Answer: False.

Explanation: Certificates and secrets that you generate in Azure AD do have an expiration date, typically ranging from 1 to 2 years, depending on the type.

What is the purpose of scope (permission) in Azure AD application?

• a) It is used to secure the database.
• b) It is used to define the kind of access that the application requires.
• c) It is used for exposing an API.
• d) It is used to restrict users’ access to the application.

Answer: b) It is used to define the kind of access that the application requires.

Explanation: Scopes are used to specify the kind of access that a web API requires.

What does the Manifest feature in Azure AD provide?

• a) It provides a JSON file containing the properties of the registered application.
• b) It provides a list of certificates and secrets for the application.
• c) It provides a summary of the registered applications.
• d) It provides a list of all permissions for the application.

Answer: a) It provides a JSON file containing the properties of the registered application.

Explanation: The Manifest is a feature in the Azure AD application registration process that provides a JSON formatted version of all the application properties.

Interview Questions

What is the first step in registering an application in Azure AD?

The first step in registering an application in Azure AD is to sign in to the Azure portal.

What is the purpose of application registration in Azure AD?

Application registration in Azure AD allows your application to be integrated with Azure AD for user authentication and permissions.

Can you change the application’s redirect URI after its registration in Azure AD?

Yes, you can change the application’s redirect URI even after its registration in Azure AD.

What is the need for a redirect URI in Azure AD application registration?

The redirect URI directs the OAuth 2.0 authorization response from Azure AD back to your application.

What is the role of Application ID during application registration in Azure AD?

The Application ID is a unique identifier assigned by Azure AD to your application at registration and used to identify the application during token requests.

How can you assign a role to your registered application in Azure AD?

Roles can be assigned to the application in Azure AD under the ‘App roles’ settings of your application registration in the portal.

Can multiple redirect URIs be set for one application in Azure AD?

Yes, you can add multiple redirect URIs for one application in Azure AD.

How many application objects does application registration in Azure AD create?

Application registration in Azure AD creates two application objects – one in the Azure AD tenant where the application is registered, and the other in the tenant’s application catalogue.

What is the purpose of a client secret in Azure AD application registration?

The client secret, also known as the application password, is used for confidential client scenarios where the application secret is used in the application code to authenticate and get tokens from Azure AD.

Can the same application be registered in multiple Azure AD tenants?

No, an application can only be registered in one Azure AD tenant. However, it can be made multi-tenant which allows it to be used in any Azure AD tenant.

How can permissions be granted to a registered application in Azure AD?

Permissions to a registered application can be granted under the ‘API permissions’ settings in the application registration in Azure AD.

What happens if I delete a registered app from Azure AD?

If a registered application in Azure AD is deleted, all configuration settings, permissions, and roles for that application will also be removed.

What is the use of ‘Grant admin consent’ option in Azure AD application registration?

‘Grant admin consent’ option in Azure AD allows an administrator to pre-consent to all permissions that the application requires, thereby removing the need for individual users to consent.

Can we configure a native application in Azure AD?

Yes, a native application can be configured in Azure AD using the ‘Redirect URIs’ under the Authentication tab in app registration.

What is the ‘Supported account types’ option in Azure AD application registration?

‘Supported account types’ option in Azure AD application registration defines who can use the application or access the API. The options range from single tenant to multitenant and personal Microsoft accounts.