HOTSPOT
You administer an Azure Active Directory (Azure AD) tenant.
You add a custom application to the tenant.
The application must be able to:
Read data from the tenant directly.
Write data to the tenant on behalf of a user.
In the table below, identify the permission that must be granted to the application. Make only one selection in
each column.
Hot Area:
Explanation:
You can select from two types of permissions in the drop-down menus next to the desired Web API:* Application Permissions: Your client application needs to access the Web API directly as itself (no user
context). This type of permission requires administrator consent and is also not available for Native client
applications.
* Delegated Permissions: Your client application needs to access the Web API as the signed-in user, but with
access limited by the selected permission. This type of permission can be granted by a user unless the
permission is configured as requiring administrator consent.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/