Microsoft-Graph

Identity Basics 2 - Permissions, Scopes and Consent

In my previous post, we saw how app registrations add identity configurations for applications on Azure AD. Just like a user, an application would also require access to resources like Microsoft Graph, which need authorization. The resource owner can grant(consent) or deny this authorization to the application. There are mainly 2 access scenarios: Delegated access - access on behalf of a signed-in user. User is signed-into a client application, which access the resource on behalf of the user.