Skip to Content

Microsoft AZ-900: Enable Single Sign-On for Multiple Apps

By: Author Alex Lim

Posted on

Categories Exam

Learn how Azure Active Directory (AD) enables single sign-on (SSO) for multiple applications. Master this key concept for the AZ-900 Microsoft Azure Fundamentals certification exam.

Table of Contents

Question

__________ enables users to authenticate to multiple applications by using single sign-on (SSO).

A. Application security groups in Azure
B. Azure Active Directory (Azure AD)
C. Azure Key Vault
D. Microsoft Defender for Cloud

Answer

B. Azure Active Directory (Azure AD)

Explanation

You can enable single sign-on for an enterprise application through Azure Active Directory (Azure AD.

Incorrect: Application security groups enable you to configure network security as a natural extension of an application’s structure, allowing you to group virtual machines and define network security policies based on those groups.

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. One of its key features is enabling single sign-on (SSO) for users to authenticate and access multiple applications.

With Azure AD SSO, a user logs in once with a single account and is then signed into other applications automatically, without being prompted to enter their credentials again for each app. This provides a seamless experience and improves security by reducing password fatigue and the risk of credential reuse.

Azure AD supports several SSO methods, including:

  • SAML-based SSO
  • Password-based SSO
  • Linked sign-on
  • Integrated Windows Authentication

To enable SSO, applications must be integrated with Azure AD, which can be done through the Azure AD App Gallery, custom integrations, or the Azure AD Application Proxy for on-premises apps.

The other options are incorrect because:

  • Application security groups are used to group VMs and define network security policies, not for SSO.
  • Azure Key Vault securely stores secrets like passwords and keys, but doesn’t itself provide SSO capabilities.
  • Microsoft Defender for Cloud is a security management system that provides threat protection and security recommendations, but is not directly involved in user authentication and SSO.

In summary, Azure Active Directory is the Microsoft service that enables single sign-on across multiple applications, making it the correct answer to this AZ-900 exam question.

Microsoft AZ-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft AZ-900 exam and earn Microsoft AZ-900 certification.