You create a web API that is hosted in Azure.
You need to protect the API by using OAuth 2.0 authentication with your company's Azure Active Directory (AD) tenant.
Which additional Azure resource should you create?
You should create an API Management instance. This is required for allowing a client application to use OAuth 2.0 authentication with an Azure AD tenant.
You should not create a key vault. A key vault allows you to store secrets, keys, and certificates. It is not required for using OAuth 2.0.
You should not create an NSG. An NSG allows you to filter traffic to and from Azure resources. It is not required for using OAuth 2.0.
You should not create an Application Gateway. An Application Gateway allows you to create a load balancer to backend web applications. It is not required for using OAuth 2.0.