Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your organization is developing a web API that is registered in Microsoft Entra ID. Security policy states that ordinary users must be prevented from granting the API any permissions themselves; only a tenant administrator can approve access. Within the API's app registration, which change will enforce this policy for every new permission scope you expose?
Assign a system-assigned managed identity to the app registration.
Enable the User assignment required property on the enterprise application that represents the API.
Switch the app registration from multitenant to single-tenant access only.
Mark each delegated permission scope as Admin consent required under Expose an API.
When you define or edit a delegated permission scope for a custom API under Expose an API, select the option Admin consent required. This sets the scope's type property to "Admin" (Who can consent: Admins only). Once configured, regular users can no longer grant the permission; a tenant administrator with the appropriate role must provide consent on behalf of the organization. Settings such as User assignment required, single-tenant versus multitenant configuration, or managed identity assignments do not influence whether users can self-consent to API permissions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'Admin consent required' mean in Microsoft Entra ID?
Open an interactive chat with Bash
What is the difference between 'delegated permissions' and 'application permissions' in Entra ID?
Open an interactive chat with Bash
What is the purpose of the 'Expose an API' section in Microsoft Entra ID?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .