Explore how delegated permissions play a crucial role in accessing Microsoft Graph for apps with a signed-in user.
Table of Contents
Question
You have a Microsoft 365 subscription.
You plan to deploy an app named App1 that will have the following configurations:
- Will be registered in Microsoft Entra
- Will access the signed-in user’s Microsoft Outlook calendar by using the Microsoft Graph API
You need to ensure that App1 can access Microsoft Graph.
What should you use?
A. application permissions
B. delegated permissions
C. a custom role-based access control (RBAC) role
D. a built-in role-based access control (RBAC) role
Answer
B. delegated permissions
Explanation
Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app can act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent.
In the context of the question, since App1 needs to access the signed-in user’s Microsoft Outlook calendar, it would require delegated permissions. Application permissions are more appropriate for apps that run as a service without a signed-in user present. Role-based access control (RBAC) roles, both custom and built-in, are not directly related to accessing Microsoft Graph and are more about providing specific roles and responsibilities within Azure resources.
Microsoft SC-300 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft SC-300 exam and earn Microsoft SC-300 certification.