Developing Solutions for Microsoft Azure (AZ-204) Practice Exam

In which scenario is code required to handle Conditional Access challenges?

• A. Apps performing the device-code flow
• B. Apps performing the on-behalf-of flow
• C. Apps performing the Integrated Windows authentication flow
• D. Apps using basic authentication

The correct answer is: Apps performing the on-behalf-of flow

In the context of Conditional Access in Microsoft Azure, handling challenges is crucial when dealing with scenarios where applications need to obtain tokens on behalf of a user. The on-behalf-of flow is specifically designed for situations where an application needs to access resources as a user, and therefore, it is subject to Conditional Access policies that may require additional checks or challenges. When using the on-behalf-of flow, the application will first receive an access token from the user. However, when it requests access to another API on behalf of that user, it might encounter Conditional Access challenges based on the user's account status, device compliance, location, or other criteria defined by the organization. These challenges could manifest as prompts for multi-factor authentication or other security measures. The application must be able to handle these challenges to successfully obtain the required access tokens for the subsequent API calls. Other flows mentioned, such as the device-code flow, Integrated Windows authentication flow, and basic authentication, typically do not involve the application acting on behalf of a user in the same way, and therefore, they are less likely to require explicitly handling Conditional Access challenges as part of their normal operations.