Free Microsoft AZ-305 Actual Exam Questions - Question 1 Discussion
HOTSPOT You plan to deploy an Azure web app named Appl that will use Azure Active Directory (Azure AD) authentication. App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD. You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers. What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 
Azure AD Join ensures seamless SSO, and Conditional Access with device compliance restricts access properly.
Azure AD Join plus Conditional Access with device compliance should do it.
I think Azure AD Join for the devices makes the most sense since it enables seamless SSO without extra prompts, which fits the requirement for users on Azure AD-joined Windows 10 machines. For restricting access to company-owned devices only, using Conditional Access policies that require device compliance or domain join is necessary. So, choosing options that enforce Azure AD Join and Conditional Access with device compliance checks seems like the right combo here. Options that don’t include these checks won’t ensure only company devices can access the app, so those should be ruled out.
I think using Azure AD Join for the devices makes sense since all users are on Windows 10 and joined to Azure AD, so they won’t get prompted again after signing in. For controlling access to company-owned devices only, Conditional Access with a policy requiring compliant or hybrid Azure AD joined devices should work. So, picking Azure AD Join for device identity and setting Conditional Access with a device compliance requirement fits both criteria well. This combo ensures smooth sign-in and blocks non-company or non-compliant computers effectively.
Definitely rule out options that don’t enforce device compliance for access, so B seems weak. To avoid prompts, single sign-on with Azure AD joined devices looks like the way to go here.