Free Microsoft Azure AZ-104 Actual Exam Questions - Question 1 Discussion
Web Deploy. You need to ensure that the developers of App1 can use their Azure AD
credentials to deploy content to App1. The solution must use the principle of least privilege.
What should you do?
C, since it grants deployment rights via Azure AD, fitting least privilege perfectly.
Option C makes sense since Website Contributor grants deployment rights with Azure AD and limits access. Owner is overkill, and FTP credentials don’t integrate with Azure AD for Web Deploy.
It’s C because Website Contributor role specifically allows deployment rights using Azure AD, keeping permissions limited. FTP options don’t support Azure AD login, so they don’t fit the question’s requirements.
C imo since Website Contributor is designed to give deployment rights without full control. Owner is way too broad, and FTP credentials don’t tie into Azure AD authentication. Since the question asks for using Azure AD creds with least privilege, C fits best. Plus, Web Deploy supports Azure AD if the right role is assigned, so that should enable developers to deploy using their Azure AD accounts directly.
A is definitely too broad since Owner gives full control, which isn’t least privilege. If FTP credentials don’t support Azure AD, options B and D can’t be right either. So C seems the only one that fits both criteria. But does Website Contributor directly support Web Deploy with Azure AD creds?
C. The Website Contributor role seems to fit best here since it grants permissions just enough for managing the web app without giving full ownership. Assigning Owner (A) is overkill and breaks least privilege, while FTPS credentials (B and D) don’t tie directly to Azure AD accounts like the question asks. So C should let devs deploy with their Azure AD creds properly.