Question

You develop and deploy an Azure App Service web app. The web app accesses Azure SQL Database data that is secured with an Azure Active Directory (Azure AD) conditional access policy. The applied policy controls access based on the network location of the user.

You need to update the web app code to respond to conditional access challenges.

What should you use?

Select only one answer.

the claims Azure AD response parameter

the realm Azure AD response parameter

the authorization_uri Azure AD response parameter

the error Azure AD response parameter

Answer 1

You should use the authorization_uri Azure AD response parameter.

When a conditional access policy is applied, the web app will receive a 401 Unauthorized response from Azure AD. The authorization_uri parameter in the response will contain the URL that the web app should redirect the user to in order to complete the conditional access challenge.

The claims, realm, and error parameters are also included in the response but they are not used for handling conditional access challenges.