Microsoft Azure Architect Design (AZ-301) Practice Exam

In an Azure API Management setup, where should permissions to access web APIs be granted to web apps?

• A. Azure AD
• B. Azure API Management
• C. The web APIs
• D. A web app service

The correct answer is: Azure API Management

In scenarios involving Azure API Management (APIM), managing permissions to access web APIs is best done within the Azure API Management itself. This platform serves as a gateway that facilitates the exposure of APIs to clients while allowing for centralized control over access and policies. When permissions are granted in Azure API Management, the management layer can enforce various policies such as authentication, rate limiting, and transformation of requests and responses before they reach the backend web APIs. This provides an added layer of security and enables fine-grained control over who can access specific APIs. While Azure AD is an essential service for identity management and can be involved in the authentication processes, it is not the primary location for defining API permissions specific to web applications and APIs. Instead, it would typically be used for authenticating the user or service that accesses the APIs. Directly granting permissions at the web APIs level can impact scalability and management, as each API might require its own access control configuration, which could be cumbersome in large environments. Likewise, accessing permissions at the web app service level does not take advantage of the centralized management capabilities offered by Azure API Management, missing the ability to enforce consistent policies across multiple apps. Thus, utilizing Azure API Management to manage permissions allows for streamlined control and enhanced security,