Microsoft Azure Architect Design (AZ-301) Practice Exam

Which component is crucial to configure for the validation of JWT claims in Azure API Management to ensure secure access to web APIs?

• A. Azure AD
• B. Azure API Management
• C. The web APIs
• D. A User-Assigned Managed Service Identity

The correct answer is: Azure API Management

The key component to configure for the validation of JWT (JSON Web Token) claims in Azure API Management is the API Management service itself. This service acts as a gatekeeper that ensures only authenticated and authorized requests are processed. When working with JWT tokens in Azure API Management, the service needs to be set up to validate the claims contained within the tokens, such as issuer, audience, and expiry times. By configuring the API Management to properly validate these claims, you can control access to your web APIs, making sure that only tokens issued by trusted identity providers are accepted. This validation step is crucial in protecting APIs from unauthorized access and ensuring that the requests made to the web APIs are coming from authenticated users or services. Azure AD, the web APIs, and a User-Assigned Managed Service Identity, while they may play roles in broader security architectures or identity management, do not directly handle the JWT claim validation within the context of Azure API Management. Instead, they are complementary components or layers that may provide identity and access management but do not perform the JWT validation themselves in the API Management context. Thus, focusing on the configuration of Azure API Management ensures the security of API access based on JWT claims.