The correct answer is D. an app registration . Microsoft Learn states that to delegate identity and access management functions to Microsoft Entra ID , an application must be registered with a Microsoft Entra tenant . When you register an application, you create its identity configuration in Microsoft Entra, and a corresponding service principal is created so the application can authenticate and integrate with the tenant. This is the standard Microsoft mechanism for allowing a third-party cloud service or app to authenticate to Microsoft Entra.
The other options do not provide the app identity required for authentication. Multifactor authentication (MFA) strengthens user sign-ins, but it does not onboard a third-party service as an application identity in Entra. Conditional Access enforces access policies after authentication and authorization decisions are being made; it does not create the application identity itself. A Microsoft 365 Copilot connector is used to bring external data into Microsoft 365 experiences, not to let a third-party cloud service authenticate to Microsoft Entra. Therefore, the correct configuration is an app registration .
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit