OAuth 2.0 allows apps to access resources on behalf of users.
Scopes and Permissions
Permissions are defined as scopes, each representing a specific action, for example:
Reading a user’s calendar.
Sending mail.
Updating user profiles.
This design enforces least privilege and limits exposure.
Configure Delegated Permissions
Open App registrations.
Select your application.
Select API permissions.
Select Add a permission.
Choose Microsoft Graph.
Select Delegated permissions.
Add openid, profile, email, and offline_access.
Select Add permissions.
Delegated permissions always operate within the signed-in user’s privileges.
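The following added example (not part of the original page) builds an authorization request limited to the four scopes configured above and compares the scopes a token response reports against that allowlist. The tenant, client ID, and redirect URI placeholders, the function names, the sample responses, and the handling of a Graph resource prefix on returned scopes are all assumptions.

```python
from urllib.parse import urlencode

# Scopes configured in the steps above; anything else is over-privilege.
ALLOWED_SCOPES = frozenset({"openid", "profile", "email", "offline_access"})
# Assumption: returned scopes may be qualified with the Graph resource URI.
GRAPH_PREFIX = "https://graph.microsoft.com/"


def build_authorize_url(tenant, client_id, redirect_uri, state, scopes=ALLOWED_SCOPES):
    """Authorization-code request that asks only for allowlisted scopes."""
    extra = set(scopes) - ALLOWED_SCOPES
    if extra:
        raise ValueError(f"scopes outside the allowlist: {sorted(extra)}")
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(sorted(scopes)),
        "state": state,
    })
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?{query}"


def normalize(scope_string):
    """Split a space-delimited scope string, dropping the Graph prefix."""
    return {s[len(GRAPH_PREFIX):] if s.startswith(GRAPH_PREFIX) else s
            for s in scope_string.split()}


def audit_granted_scopes(token_response):
    """Return (unexpected, not_granted) relative to the allowlist."""
    granted = normalize(token_response.get("scope", ""))
    return sorted(granted - ALLOWED_SCOPES), sorted(ALLOWED_SCOPES - granted)


# Constructed sample token responses (no real tokens or tenants).
SAMPLE_OK = {"token_type": "Bearer", "scope": "email openid profile offline_access"}
SAMPLE_CREEP = {"token_type": "Bearer",
                "scope": "openid profile https://graph.microsoft.com/Mail.Send"}

if __name__ == "__main__":
    print(build_authorize_url("TENANT_ID", "CLIENT_ID", "https://localhost/callback", "xyz"))
    print(audit_granted_scopes(SAMPLE_OK))     # nothing unexpected, nothing missing
    print(audit_granted_scopes(SAMPLE_CREEP))  # Mail.Send flagged as unexpected
```

A non-empty first list means the app holds more access than the registration was meant to grant and is worth logging or failing closed on.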
Admin Consent
Admins can grant consent on behalf of all users to avoid repeated consent prompts. This is commonly required for organizational applications.