App Registrations & API Permissions
Understanding the Concept
App registrations define the identity configuration for applications that integrate with Microsoft Entra ID. When you register an app, you configure its authentication settings, redirect URIs, API permissions, and credentials (secrets or certificates).
API permissions come in two types: Delegated permissions (act on behalf of a signed-in user) and Application permissions (act as the app itself without a user). Application permissions are more powerful and require admin consent.
User and admin consent settings control whether users can grant permissions to apps themselves or must request administrator approval. Configuring consent policies properly balances user productivity with security governance.
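In an app registration's manifest, each requested permission under `requiredResourceAccess` is typed `Scope` (delegated) or `Role` (application), so the distinction above can be audited mechanically. The following is an added example, not part of the original lesson: the manifest is constructed, the permission GUIDs are placeholders, and the `NAMES` lookup and function names are hypothetical.

```python
import json

# Constructed sample: the requiredResourceAccess section of an app manifest.
# The permission GUIDs are placeholders invented for this example.
MANIFEST = json.loads("""
{"displayName": "hr-sync (constructed)",
 "requiredResourceAccess": [{
   "resourceAppId": "00000003-0000-0000-c000-000000000046",
   "resourceAccess": [
     {"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Scope"},
     {"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Role"},
     {"id": "aaaaaaaa-0000-0000-0000-000000000003", "type": "Role"}]}]}
""")

# Hypothetical lookup from the placeholder GUIDs to readable permission names.
NAMES = {
    "aaaaaaaa-0000-0000-0000-000000000001": "User.Read",
    "aaaaaaaa-0000-0000-0000-000000000002": "User.Read.All",
    "aaaaaaaa-0000-0000-0000-000000000003": "Mail.ReadWrite",
}

# Manifest type value -> permission type as named in the lesson.
KIND = {"Scope": "delegated", "Role": "application"}

def classify(manifest, names=NAMES):
    """Return one finding per permission the registration requests."""
    findings = []
    for resource in manifest.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            kind = KIND.get(access.get("type"), "unknown")
            findings.append({
                "resource": resource.get("resourceAppId"),
                "permission": names.get(access.get("id"), access.get("id")),
                "kind": kind,
                # App-only access runs without a signed-in user and always
                # needs admin consent; unknown types are flagged for review.
                "app_only_or_unknown": kind != "delegated",
            })
    return findings

def app_only_permissions(manifest):
    """Sorted permissions an admin must review before granting consent."""
    return sorted(f["permission"] for f in classify(manifest) if f["app_only_or_unknown"])

if __name__ == "__main__":
    for finding in classify(MANIFEST):
        print(finding)
```

Delegated entries are not automatically safe: a high-privilege delegated permission can still require admin consent, which depends on the permission itself rather than on its type in the manifest.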
Key Points
- App registration: Identity configuration (client ID, redirect URIs, credentials)
- Delegated permissions: App acts on behalf of signed-in user
- Application permissions: App acts independently, more powerful
- Admin consent: Required for high-privilege or application permissions
- User consent: Configurable - allow, restrict, or require admin review
App Registration Components
- Register App: Create registration with redirect URIs and platform config
- Credentials: Add client secret or certificate for authentication
- API Permissions: Configure delegated or application permissions to APIs
- Consent: Admin grants consent for requested permissions
- App Roles: Define custom roles for fine-grained authorization
Why This Matters in Real Organizations
Every custom application and third-party integration relies on app registrations. Misconfigured permissions can expose organizational data, while overly restrictive consent policies block legitimate business apps. Understanding this balance is critical for SC-300.
Common Mistakes to Avoid
Interview Tips
- Explain delegated vs application permissions with examples
- Discuss consent workflow and admin consent settings
- Mention the principle of least privilege for API permissions
Exam Tips (SC-300)
- Know the difference between delegated and application permissions
- Understand admin consent vs user consent settings
- Know how to configure consent policies