AZ-400 – Question 85


You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity.
The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Azure portal.

Correct Answer: See explanation below.

They changed the question a little bit, but I guess the answer is the same:

1) Enable identity for resource
2) Go to KV
3) Access policies
4) Add
5) Click Select principal -> Find your resource identity
6) Choose proper permissions, for getting secrets it’s only GET in secret permissions
7) Add
8) Save
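
A check for the least-privilege requirement once the steps above are done, as an added example that is not part of the original answer: it reads JSON shaped like the output of `az keyvault show --name az400-9940427-kv1 --output json` and reports anything beyond Get on secrets for the web app's identity. The embedded sample and its object IDs are constructed, and `audit_identity` and `ALLOWED` are names made up for this example.

```python
import json

# Constructed sample shaped like `az keyvault show --output json`; the object IDs
# are made-up placeholders, not values from the exam lab.
SAMPLE_VAULT = json.loads("""
{
  "name": "az400-9940427-kv1",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "11111111-1111-1111-1111-111111111111",
       "permissions": {"keys": [], "secrets": ["Get"], "certificates": [], "storage": []}},
      {"objectId": "22222222-2222-2222-2222-222222222222",
       "permissions": {"keys": ["get", "list"], "secrets": ["get", "list", "set"],
                       "certificates": null}}
    ]
  }
}
""")

ALLOWED = {"secrets": {"get"}}  # the only grant the task calls for


def audit_identity(vault, principal_id):
    """Return findings for one principal; an empty list means least privilege holds."""
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        return ["vault uses Azure RBAC; access policies are not evaluated"]
    entries = [p for p in props.get("accessPolicies") or []
               if p.get("objectId", "").lower() == principal_id.lower()]
    if not entries:
        return ["no access policy for this identity"]
    findings, granted = [], {}
    for entry in entries:
        for kind, perms in (entry.get("permissions") or {}).items():
            # Portal and CLI differ in casing ("Get" vs "get"); normalise before comparing.
            granted.setdefault(kind, set()).update(p.lower() for p in perms or [])
    for kind, perms in sorted(granted.items()):
        extra = perms - ALLOWED.get(kind, set())
        if extra:
            findings.append(f"excess {kind} permissions: {', '.join(sorted(extra))}")
    if "get" not in granted.get("secrets", set()):
        findings.append("missing secrets/get")
    return findings


if __name__ == "__main__":
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222"):
        print(oid, audit_identity(SAMPLE_VAULT, oid) or "OK")
```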