
AZ-500: How Does Admin Consent Work for Application Permissions in Azure AD?

Does Azure Admin Consent Grant Permissions for All Users or Just One?

Prepare for the AZ-500 exam by understanding how Azure AD admin consent works. Learn why it grants application permissions on behalf of all users in the tenant, not just a specific user, and how it differs from user consent.

Question

Admin consent grants consent on behalf of:

A. A specific user
B. All users
C. A specific user or device
D. None of the above

Answer

B. All users

Explanation

Admin consent grants consent on behalf of all users.

The statement is correct because granting admin consent for an application in Azure Active Directory is a tenant-wide action performed by a privileged administrator. When an administrator grants consent, they are doing so on behalf of every user in the organization. This means that individual users will no longer be prompted to consent to those permissions when they sign into the application.

This concept is a critical part of the Azure AD application consent framework and differs from user consent:

  • Admin Consent: This is required for applications that request high-privilege permissions or any “application permissions” (which allow an app to act as itself without a signed-in user). A user with a privileged role, such as Global Administrator or Application Administrator, must perform this action. Once granted, the consent applies to the entire tenant.
  • User Consent: This allows an individual user to grant an application permission to access their own data. This is only possible for lower-privilege delegated permissions that do not require administrator approval. For example, a user can consent for an app to read their own profile information.

By granting admin consent, the administrator is effectively vouching for the application’s trustworthiness and authorizing it to access company data on behalf of all users, streamlining the sign-in process and centralizing control over application permissions.
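The tenant-wide versus per-user distinction shows up directly in the delegated permission grants that Microsoft Graph exposes as oauth2PermissionGrant objects: an admin-consented grant has consentType "AllPrincipals" and no principalId, while a user-consented grant has consentType "Principal" and is bound to one user. The following is an added example, not part of the original question; the grant records, app names and user IDs are constructed placeholders, and the helper function names are hypothetical. It covers delegated grants only (application permissions are recorded separately as app role assignments).

```python
import json

# Constructed sample shaped like a Microsoft Graph /oauth2PermissionGrants response.
# Every ID below is a placeholder, not a real tenant object.
SAMPLE = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-hr-app", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph", "scope": "User.Read Mail.Read"},
  {"id": "grant-2", "clientId": "sp-notes-app", "consentType": "Principal",
   "principalId": "user-alice", "resourceId": "sp-graph", "scope": "User.Read"},
  {"id": "grant-3", "clientId": "sp-notes-app", "consentType": "Principal",
   "principalId": "user-bob", "resourceId": "sp-graph", "scope": " User.Read offline_access"}
]}
""")


def summarize_grants(grants):
    """Group delegated grants by client app, splitting tenant-wide from per-user consent."""
    summary = {}
    for g in grants:
        entry = summary.setdefault(g["clientId"], {"tenant_wide": set(), "per_user": {}})
        scopes = set((g.get("scope") or "").split())
        if g["consentType"] == "AllPrincipals":
            # Admin consent: one grant covers every user, so principalId is empty.
            entry["tenant_wide"] |= scopes
        elif g["consentType"] == "Principal":
            # User consent: the grant is bound to a single user's object ID.
            entry["per_user"].setdefault(g["principalId"], set()).update(scopes)
        else:
            raise ValueError(f"unexpected consentType: {g['consentType']!r}")
    return summary


def effective_scopes(summary, client_id, user_id):
    """Scopes the app holds for this user: tenant-wide grants plus the user's own."""
    entry = summary.get(client_id, {"tenant_wide": set(), "per_user": {}})
    return entry["tenant_wide"] | entry["per_user"].get(user_id, set())


if __name__ == "__main__":
    for client, entry in sorted(summarize_grants(SAMPLE["value"]).items()):
        print(client, "tenant-wide:", sorted(entry["tenant_wide"]),
              "per-user:", {u: sorted(v) for u, v in entry["per_user"].items()})
```

In a review of consent grants, the tenant-wide entries are the ones to check first, since a single approval there applies to every account in the tenant.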
