Home › Azure AZ-500 › cloudcomputing › az500identityaccess › Which Microsoft Entra ID feature should an admin…
Which Microsoft Entra ID feature should an admin use to require user CONSENT to specific OAuth scopes when a new third-party application requests access to user data?
AApp registration permission consent (admin consent + user consent workflows)
BDisabling Entra ID
CAuto-approve every OAuth request without review
DSharing the global admin's password with the third-party
Answer & Solution
Correct answer: A. App registration permission consent (admin consent + user consent workflows)
App-registration consent flows govern third-party OAuth grants (per AZ-500 §1 app permissions). The other options are insecure.
Related questions
Which Microsoft Entra ID feature lets a security engineer detect risky user behaviour (impWhich Microsoft Entra capability lets an admin enforce per-user MFA via a Conditional AcceWhich Microsoft Entra ID feature lets a developer register an app and obtain a CLIENT ID aWhich Azure / Microsoft Entra feature lets an admin enforce 'block sign-in from countries Which Microsoft Entra ID feature lets an admin enforce 'every privileged role activation mWhich Microsoft Entra ID feature lets an admin define a custom role with EXACTLY the actioWhich Azure resource feature lets an Azure VM / App Service / Function App authenticate toWhich Microsoft Entra ID construct represents the identity of a non-human workload (an app