Why and How applications are added to Azure AD? Scenarios, types of permissions, consent, scopes

Eray ALTILI
10 min read · Feb 20, 2023

In today’s interconnected world, identity and access management (IAM) is crucial for securing sensitive data and resources. To that end, platforms such as Azure AD and the Microsoft Identity Platform (MIP) provide mechanisms to control access to applications and services.

In this blog, we will explore the fundamentals of how applications are added to Azure AD, and then delve into permissions and access in Graph MIP. Finally, we will look at some access scenarios, types of permissions, consent, and scopes.

Why and how applications are added to Azure AD?

Azure AD is a cloud-based IAM service provided by Microsoft. It enables organizations to manage user identities and control access to resources. Azure AD can also integrate with various cloud-based and on-premises applications to provide Single Sign-On (SSO) functionality.

Applications can be added to Azure AD in two ways. The first is through the Azure AD app gallery, where Microsoft and its partners have pre-integrated applications that organizations can easily add to their tenant. The second way is through custom integration using the Azure AD application registration portal.

To register a custom application, the first step is to have an Azure AD tenant, which is a directory of users, groups, devices, applications, etc. Once the tenant is created, we can register an application by…


Eray ALTILI

I am passionate about Technology, Cloud Computing, Machine Learning, Blockchain and Finance. All opinions are my own and do not express opinions of my employer.