🔥 3-day streak
Microsoft Azure Solutions Architect Expert27 / 187
Question 27 of 187

A SaaS company runs a multi-tenant line-of-business web application registered in Microsoft Entra ID. The application needs to authorize users into three permission levels (Reader, Contributor, Administrator) that are specific to this application only. The security team requires that the permission assignment appear directly in the user's access token as a claim, that assignments are managed per-application without polluting the directory with hundreds of security groups, and that a partner ISV consuming the same app can reuse the identical authorization model. Which approach should you recommend?

Reviewed for accuracy · Report an issueNext question