Microsoft Azure Architect Design (AZ-304) Practice Test

What service provides a more secure way to manage access to network resources in Azure?

• A. Azure AD Conditional Access
• B. Azure AD Identity Protection
• C. Azure AD B2C
• D. Azure Role-Based Access Control (RBAC)

The correct answer is: Azure AD Conditional Access

The service that provides a more secure way to manage access to network resources in Azure is Azure AD Conditional Access. This service allows organizations to enforce policies that determine how and when users can access resources based on conditions, such as user location, device state, or risk levels. By applying these conditional policies, organizations can significantly enhance their security posture. For instance, if a user is attempting to access resources from an unfamiliar location or a non-compliant device, Azure AD Conditional Access can block the access request or require additional verification, like multi-factor authentication. This proactive approach mitigates risks associated with compromised credentials and unauthorized access. The other options, while relevant to security and identity management, serve different purposes. For example, Azure AD Identity Protection focuses on identifying potential vulnerabilities and risks related to user accounts, but it doesn’t actively manage access requests in the same way that Conditional Access does. Azure AD B2C is tailored for managing customer identities and providing user authentication in applications but is not primarily concerned with securing internal network resource access. Azure Role-Based Access Control (RBAC) governs what actions users can perform on Azure resources by assigning roles, but it does not address the context and conditions under which access should be granted or denied, which is where Conditional Access