Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Contoso registers a daemon application named DataSync in Microsoft Entra ID. The app's API permissions list shows Microsoft Graph application permission "Directory.Read.All" with the status Not granted for Contoso. You must ensure the permission is consented tenant-wide so DataSync can run with the client-credential flow and without any interactive prompt. Which Azure portal action should you take?
Add the DataSync managed identity to the built-in Directory Readers role in Microsoft Entra ID.
In User settings, set "Users can consent to apps accessing company data on their behalf" to Yes.
Enable the admin consent workflow and designate a reviewer group that includes the DataSync service principal.
Open the DataSync app registration, select API permissions, and choose Grant admin consent for Contoso.
Directory.Read.All is an application permission that always requires administrator consent. Granting tenant-wide consent is done by an administrator from the API permissions blade of the app (or its corresponding Enterprise application). Choosing Grant admin consent for Contoso records the consent on the service principal, after which the permission status changes to "Granted" and every instance of the app can obtain tokens silently. Enabling an admin consent workflow only routes future user-initiated requests and does not pre-grant permissions; letting users consent to company data applies only to delegated permissions; assigning the service principal to the Directory Readers RBAC role does not satisfy Microsoft Graph OAuth permission requirements.
Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access