To implement a permission classification in a Microsoft Entra tenant, you should select delegated permissions that require only user consent. This is because permission classifications in Microsoft Entra ID currently support classifying delegated permissions that do not require admin consent
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-permission-classifications?pivots=portal
From Chatgpt:
✅ Why Option A is correct:
App-only permissions with admin consent are the most sensitive, since:
They are granted tenant-wide.
They allow access without user interaction.
They're often used to read/write data for all users.
These permissions are critical for classification to ensure least privilege, track usage, and manage risk.
🚫 Why the others are incorrect:
B. Delegated permissions that require only user consent:
Lower risk.
User consent only applies to that user's data.
Usually doesn't need tenant-wide classification unless you're doing a very detailed audit.
C. App-only access permissions that require only user consent:
This combination doesn't exist.
App-only permissions always require admin consent because no user is involved.
D. Delegated permissions that require admin consent:
These are relevant but less critical than app-only in terms of broad, unattended access risk.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.AZ-204 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
BrownieP
Highly Voted 4 months, 2 weeks ago2f17d52
Most Recent 1 month, 2 weeks ago