nerdexam
ExamsSC-300Questions#125
MicrosoftMicrosoft

SC-300 · Question #125

SC-300 Question #125: Real Exam Question with Answer & Explanation

To allow App1 (a web service/daemon) to use Microsoft Graph to read directory data, you must first register the application in Azure AD to establish its identity. Next, you add app permissions (application permissions, not delegated) because App1 runs as a service without a signe

Submitted by emma.c· Mar 6, 2026Implement and manage Azure AD application registrations and configure API permissions for service applications - typically mapped to 'Implement Identities' or 'Manage Application Access' in AZ-104/AZ-204/MS-500 certification domains.

Question

Drag and Drop Question Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company is developing a web service named App1. You need to ensure that App1 can use Microsoft Graph to read directory data in contoso.com. Which three actions should yon perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them In the correct order. Answer:

Explanation

To allow App1 (a web service/daemon) to use Microsoft Graph to read directory data, you must first register the application in Azure AD to establish its identity. Next, you add app permissions (application permissions, not delegated) because App1 runs as a service without a signed-in user, requiring application-level Microsoft Graph permissions like 'Directory.Read.All'. Finally, an administrator must grant admin consent because application permissions that access directory data are high-privilege and cannot be self-consented by users.

Topics

#Azure Active Directory#Microsoft Graph API#App Registration#Admin Consent

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SC-300 PracticeBrowse All SC-300 Questions