U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-204 Exam - Topic 2 Question 122 Discussion

You are developing an ASP.NET Core app hosted in Azure App Service.The app requires custom claims to be returned from Microsoft Entra ID for user authorization. The claims must be removed when the app registration is removed. You need to include the custom claims in the user access token. What should you do?
A) Configure the app to use the OAuth 2.0 authorization code flow.
B) Implement custom middleware to retrieve role information from Microsoft Entra ID.
C) Add the groups to the groupMembershipClaims attribute in the app manifest.
D) Require the https://graph.microsoft.eom/.default scope during authentication.
E) Add the roles to the appRoles attribute in the app manifest.

Microsoft AZ-204 Exam - Topic 2 Question 122 Discussion

Actual exam question for Microsoft's AZ-204 exam
Question #: 122
Topic #: 2
[All AZ-204 Questions]

You are developing an ASP.NET Core app hosted in Azure App Service.

The app requires custom claims to be returned from Microsoft Entra ID for user authorization. The claims must be removed when the app registration is removed. You need to include the custom claims in the user access token. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Ernest at Aug 16, 2025, 04:59 PM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Son
6 months ago
D seems off, we need more than just scopes for custom claims.
upvoted 0 times
...
Skye
6 months ago
Wait, can you really remove claims just by deleting the app registration?
upvoted 0 times
...
Hubert
6 months ago
Totally agree with C! Makes the most sense.
upvoted 0 times
...
Celestina
6 months ago
E is interesting, but I’m not sure it covers everything we need.
upvoted 0 times
...
Sherita
7 months ago
I think option C is the way to go for custom claims.
upvoted 0 times
...
Chantay
7 months ago
I vaguely remember that we need to set up the app roles in the manifest for claims, but I’m not entirely sure if that’s the right approach here.
upvoted 0 times
...
Myra
7 months ago
I feel like we discussed the OAuth 2.0 flow in class, but I’m not confident it directly applies to adding custom claims.
upvoted 0 times
...
Elenor
7 months ago
I think option C sounds familiar from our practice questions, but I can't recall if it specifically relates to custom claims in the access token.
upvoted 0 times
...
Jerlene
8 months ago
I remember something about using the app manifest to configure claims, but I'm not sure if it's the groups or roles that need to be added.
upvoted 0 times
...
Ruby
8 months ago
I feel pretty confident about this one. The question is asking how to include custom claims in the user access token, and the solution is to add the groups to the groupMembershipClaims attribute in the app manifest.
upvoted 0 times
...
Rebbecca
8 months ago
Hmm, this is a tricky one. I'm not sure if I should be requiring the https://graph.microsoft.eom/.default scope during authentication or if there's a different approach I should be taking. I'll have to review the information on custom claims and app manifests.
upvoted 0 times
...
Keshia
8 months ago
The key here is that the custom claims need to be included in the user access token. I believe the correct answer is to add the roles to the appRoles attribute in the app manifest.
upvoted 0 times
...
Tijuana
8 months ago
I'm a bit confused about the different options here. I'm not sure if I should be configuring the app to use the OAuth 2.0 authorization code flow or if I need to implement custom middleware. I'll have to think this through carefully.
upvoted 0 times
...
Ronnie
8 months ago
This question seems straightforward. I think the answer is to add the groups to the groupMembershipClaims attribute in the app manifest.
upvoted 0 times
...
Jutta
9 months ago
I think Hershel might be right. Adding roles could be a better way to include custom claims in the user access token.
upvoted 0 times
...
Dalene
10 months ago
But adding roles might not necessarily include custom claims. GroupMembershipClaims seems more appropriate for custom claims.
upvoted 0 times
...
Andrew
10 months ago
I think option C is the way to go. Adding the groups to the groupMembershipClaims attribute in the app manifest sounds like the simplest and most straightforward solution.
upvoted 0 times
Hubert
9 months ago
B) Implement custom middleware to retrieve role information from Microsoft Entra ID.
upvoted 0 times
...
Taryn
9 months ago
A) Configure the app to use the OAuth 2.0 authorization code flow.
upvoted 0 times
...
...
Hershel
10 months ago
I disagree, I believe the correct answer is E) Add the roles to the appRoles attribute in the app manifest.
upvoted 0 times
...
Dalene
10 months ago
I think the answer is C) Add the groups to the groupMembershipClaims attribute in the app manifest.
upvoted 0 times
...

Save Cancel