Download Building Applications and Solutions with Microsoft 365 Core Services.MS-600.CertDumps.2022-08-22.176q.vcex

Scenario: ADatum identifies the following technical requirements for the planned E-invoicing capabilities:Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.Reference: https://docs.microsoft.com/en-us/graph/permissions-reference

Scenario: Implement single sign-on (SSO) and minimize login prompts across browser tabs.When your application is open in multiple tabs and you first sign in the user on one tab, the user is also signed in on the other tabs without being prompted. MSAL.js caches the ID token for the user in the browser localStorage and will sign the user in to the application on the other open tabs. By default, MSAL.js uses sessionStorage which does not allow the session to be shared between tabs. To get SSO between tabs, make sure to set the cacheLocation in MSAL.js to localStorage.Reference: https://docs.microsoft.com/bs-latn-ba/Azure/active-directory/develop/msal-js-sso

clientState specifies the value of the clientState property sent by the service in each notification. The maximum length is 128 characters. The client can check that the notification came from the service by comparing the value of the clientState property sent with the subscription with the value of the clientState property received with each notification.Note: A subscription allows a client app to receive notifications about changes to data in Microsoft Graph.Reference: https://docs.microsoft.com/en-us/graph/api/resources/subscription

To use Microsoft Graph to read and write resources on behalf of a user, your app must get an access token from the Microsoft identity platform and attach the token to requests that it sends to Microsoft Graph.One common flow used by native and mobile apps and also by some Web apps is the OAuth 2.0 authorization code grant flow.Scenario: Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.Use Azure AD to manage identities, authentication, and authorization.Reference: https://docs.microsoft.com/en-us/graph/auth-v2-user

Here is a quick overview of the steps:Step 1: Register an application in Azure AD for the backend web service Register an application (backend-app) in Azure AD to represent the API.Step 2: Set the App ID URI for the backend service application registration When the application is created (step 1) select Expose an API and click on Save and continue to create an Application ID URI.Step 3: Defend the scopes in the backend web service application registration In the Add a scope page, create a new scope supported by the API. (e.g., Read) then click on Add scope to create the scope. Repeat this step to add all scopes supported by your API.Step 4: Register an application in Azure AD for E-invoicing. Step 4.1 Register another application in Azure AD to represent a client application Step 4.2 Now that you have registered two applications to represent the API and the Developer Console, you need to grant permissions to allow the client-app to call the backend-app.Scenario:Secure access to the backend web service by using Azure AD E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

In web server apps, the sign-in authentication flow takes these high-level steps:    You can ensure the user's identity by validating the ID token with a public signing key that is received from the Microsoft identity platform endpoint. A session cookie is set, which can be used to identify the user on subsequent page requests.In addition to simple sign-in, a web server app might need to access another web service, such as a REST API. In this case, the web server app engages in a combined OpenID Connect and OAuth 2.0 flow, by using the OAuth 2.0 authorization code flow.Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types

A client application gains access to a resource server by declaring permission requests. Two types are available:"Delegated" permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time as "scp" claims in the client's access token."Application" permissions, which specify role-based access using the client application's credentials/ identity,are presented to the resource at run-time as "roles" claims in the client's access token.Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/developer-glossary#permissions

C: The required client_id is the Application (client) ID that the Azure portal ?App registrations experience assigned to your app.E: The authorization code flow begins with the client directing the user to the /authorize endpoint.    Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

The HyperText Transfer Protocol (HTTP) 412 Precondition Failed client error response code indicates that access to the target resource has been denied. This happens with conditional requests on methods other than GET or HEAD when the condition defined by the If-Unmodified-Since or If-None-Match headers is not fulfilled.In that case, the request, usually an upload or a modification of a resource, cannot be made and this error response is sent back.MsalUiRequiredExceptionThe "Ui Required" is proposed as a specialization of MsalServiceException named MsalUiRequiredException.This means you have attempted to use a non-interactive method of acquiring a token (e.g. AcquireTokenSilent), but MSAL could not do it silently. this can be because:you need to sign-inyou need to consentyou need to go through a multi-factor authentication experience.The remediation is to call AcquireTokenInteractivetry{app.AcquireTokenXXX(scopes, account).WithYYYY(...).ExecuteAsync()}catch(MsalUiRequiredException ex){app.AcquireTokenInteractive(scopes).WithAccount(account).WithClaims(ex.Claims).ExcecuteAsync();}Incorrect Answers:A: A 307 Temporary Redirect message is an HTTP response status code indicating that the requested resource has been temporarily moved to another URI , as indicated by the special Location header returned within the responseB: The 400 Bad Request Error is an HTTP response status code that indicates that the server was unable to process the request sent by the client due to invalid syntax.C: The 403 Forbidden Error happens when the web page (or other resource) that you're trying to open in your web browser is a resource that you're not allowed to access.References: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/exceptions

You can authenticate to the Graph API with two primary methods: AppId/Secret and certificate based authentication. Certificate is the preferred and more secure way of authenticating.Reference: https://adamtheautomator.com/microsoft-graph-api-powershell/