New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-204 Exam - Topic 3 Question 119 Discussion

Actual exam question for Microsoft's AZ-204 exam
Question #: 119
Topic #: 3
[All AZ-204 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.

You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization.

Solution:

*Create a new Azure AD application's manifest, set value of the groupMembershipClaims option to All.

*In the website, use the value of the groups claim from the JWI for the user to determine permissions.

Does the solution meet the goal?

Show Suggested Answer Hide Answer
Suggested Answer: A

To configure Manifest to include Group Claims in Auth Token

1. Go to Azure Active Directory to configure the Manifest. Click on Azure Active Directory, and go to App registrations to find your application:

2. Click on your application (or search for it if you have a lot of apps) and edit the Manifest by clicking on it.

3. Locate the ''groupMembershipClaims'' setting. Set its value to either ''SecurityGroup'' or ''All''. To help you decide which:

''SecurityGroup'' - groups claim will contain the identifiers of all security groups of which the user is a member.

''All'' - groups claim will contain the identifiers of all security groups and all distribution lists of which the user is a member

Now your application will include group claims in your manifest and you can use this fact in your code.


https://blogs.msdn.microsoft.com/waws/2017/03/13/azure-app-service-authentication-aad-groups/

by Kirby at Jul 06, 2025, 12:58 PM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Gennie
2 months ago
I think it meets the goal, but double-check the manifest settings.
upvoted 0 times
...
Apolonia
2 months ago
Wait, can you really trust the groups claim like that?
upvoted 0 times
...
Tawny
3 months ago
This solution uses groupMembershipClaims correctly.
upvoted 0 times
...
Pete
3 months ago
Sounds good, but what if users are in multiple groups?
upvoted 0 times
...
Refugia
3 months ago
Totally agree, this should work for permissions!
upvoted 0 times
...
Theodora
3 months ago
I feel like there might be a catch here. What if the groups claim doesn't map correctly to the permissions we need?
upvoted 0 times
...
Sylvie
4 months ago
This seems similar to a question we did in class about Azure AD permissions, but I can't recall if we needed to configure anything else beyond the manifest.
upvoted 0 times
...
Xochitl
4 months ago
I'm not entirely sure if just setting the claims is enough. I remember a practice question where we had to also handle token validation.
upvoted 0 times
...
Simona
4 months ago
I think this solution might work because using the groupMembershipClaims option to All should give us the necessary group information.
upvoted 0 times
...
Bernardine
4 months ago
Okay, I think I've got a handle on this. The key is to set the groupMembershipClaims option in the Azure AD application manifest, and then use the groups claim from the JWT to determine the user's permission level. As long as I implement that correctly, the solution should meet the goal.
upvoted 0 times
...
Crista
4 months ago
This looks like a good opportunity to demonstrate my understanding of Azure AD and authorization management. I'll carefully review the solution and consider any potential edge cases or alternative approaches that could also work.
upvoted 0 times
...
Margurite
5 months ago
I'm a bit confused by the wording of the question. What exactly does it mean by "you will NOT be able to return to it"? That seems like an unusual constraint for an exam question. I'll need to make sure I understand that part clearly before attempting to answer.
upvoted 0 times
...
Desire
5 months ago
Okay, the key here is using the user's Azure AD group membership to determine their permission level. I think the solution provided is on the right track, but I'll need to double-check the details to make sure it fully meets the requirements.
upvoted 0 times
...
Sabrina
5 months ago
Hmm, this seems like a straightforward question about configuring authorization for an Azure Web App. I'll need to carefully read through the details and think about the best approach.
upvoted 0 times
...
Melodie
7 months ago
I think the solution is good because it uses Azure AD group membership.
upvoted 0 times
...
Destiny
8 months ago
This is a tricky one. I like how the solution uses the Azure AD groups to determine permissions, but I'm not sure about the JWI thing. Might need to dig into the documentation a bit more on that. Gonna go with 'B' for now, but I'm keeping an open mind!
upvoted 0 times
...
Tu
8 months ago
Haha, JWI? Is that some kind of new authentication protocol I haven't heard of? I'm going to go with 'B' on this one, just to be safe. Can't be too careful with these certification exams, you know?
upvoted 0 times
...
Marica
8 months ago
Hmm, I'm not sure about this. Doesn't the question say we need to use the Azure AD group membership to determine the permission level? This solution seems to rely on the JWI, which I'm not familiar with. I'd double-check the requirements just to be sure.
upvoted 0 times
Rutha
7 months ago
Yeah, we should definitely review the requirements again to make sure we are meeting the goal.
upvoted 0 times
...
Carin
7 months ago
I agree, it seems like the solution is not using the Azure AD group membership as required.
upvoted 0 times
...
...
Antione
8 months ago
I'm not sure, maybe there could be a better way to determine permissions.
upvoted 0 times
...
Cherry
8 months ago
I agree with Nickolas, setting groupMembershipClaims to All should work.
upvoted 0 times
...
Nickolas
8 months ago
I think the solution meets the goal.
upvoted 0 times
...
Chandra
8 months ago
This seems like a straightforward solution. Setting the groupMembershipClaims option to 'All' in the Azure AD application manifest should give us the group information we need to determine permissions. Looks good to me!
upvoted 0 times
Donette
7 months ago
User 3: Yes, it looks like a solid plan.
upvoted 0 times
...
Slyvia
7 months ago
User 2: Agreed, setting groupMembershipClaims to 'All' should give us the group info we need.
upvoted 0 times
...
Stevie
8 months ago
User 1: I think this solution will work.
upvoted 0 times
...
...

Save Cancel