You are implementing Microsoft Entra Verified ID to issue verifiable credentials to employees for proof of employment. Which component is required to issue and verify credentials?
DIDs are fundamental to Verified ID.
Why this answer
Microsoft Entra Verified ID uses a decentralized identity model where each issuer and verifier has a unique decentralized identifier (DID) and a trusted identity system (such as a blockchain-based ION network or a web-based DID method) to publish and resolve DID documents. The DID and the trusted identity system are the core components required to cryptographically sign verifiable credentials and verify them without relying on a central authority, making option D correct.
Exam trap
The trap here is that candidates often assume a traditional PKI certificate or a premium license is required, but Microsoft Entra Verified ID relies on decentralized identifiers (DIDs) and a trusted identity system, not on CA-issued certificates or specific license tiers.
How to eliminate wrong answers
Option A is wrong because Microsoft Entra ID P2 licenses provide advanced identity protection and governance features but are not a prerequisite for issuing or verifying verifiable credentials; Verified ID can work with any Azure AD tenant. Option B is wrong because a certificate from a public certificate authority (CA) is used for traditional PKI-based identity systems, but Verified ID uses DIDs and key pairs generated by the issuer, not a CA-issued certificate. Option C is wrong because Azure AD B2C is a customer identity and access management solution for external users, not a required component for Verified ID; Verified ID uses its own decentralized identity infrastructure.