Microsoft Azure Architect Design (AZ-301) Practice Exam

In the context of Azure services, which authentication method offers minimal administrative effort while ensuring the app's authenticity?

• A. Create a system-assigned Managed Service Identity
• B. Create a user-assigned Managed Service Identity
• C. Register each application in Azure AD
• D. Use a SAML-based identity provider

The correct answer is: Create a user-assigned Managed Service Identity

The choice of creating a user-assigned Managed Service Identity aligns with the requirement for minimal administrative effort while ensuring the authenticity of an app. User-assigned Managed Service Identities allow developers to assign a managed identity to a specific Azure resource, which can then be used to authenticate to Azure services securely without the need for credentials. This approach mitigates the complexities and overhead typically associated with managing application secrets or credentials, as Azure handles the maintenance of the identity and rotates any associated secrets. Since the authentication process happens automatically in the background, it significantly reduces the burden on administrative effort, allowing teams to focus on developing and deploying applications rather than managing credential lifecycle. In contrast, options like creating a system-assigned Managed Service Identity, registering applications in Azure Active Directory, or utilizing a SAML-based identity provider might involve additional steps for configuration, management, or administrative control. While these methods are valid and secure, they tend to require more management activities, such as handling integrations with different identity providers or maintaining application registrations, which increases overhead compared to using a user-assigned Managed Service Identity.