Free Microsoft AZ-305 Actual Exam Questions - Question 13 Discussion
DRAG DROP

Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1. You have a hybrid deployment of Azure Active Directory (Azure AD). You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.

Which three Azure services should you recommend be deployed and configured in sequence? To answer, move the appropriate services from the list of services to the answer area and arrange them in the correct order.
I’d pick Azure AD Application Proxy first to securely publish App1, then Azure AD to handle user authentication, and finally Azure MFA to add the extra verification step for internet users. That order fits the hybrid setup best.
I think starting with Azure AD Application Proxy makes sense to expose App1 securely, then Azure AD for sign-in, and lastly enforce MFA. Without the proxy, you can't easily apply Azure AD authentication from outside your network.
I’d say start with Azure AD Application Proxy to enable secure remote access, then Azure AD for authentication, and finally Azure MFA to enforce multi-factor checks. That sequence covers external access and security.
Does the question clarify if App1 supports modern authentication protocols like OAuth or OpenID Connect? That might affect which Azure services to pick and in what order.