Your company has an Azure AD tenant that contains the users shown in the following table.
You have the app registrations shown in the following table.
A company policy prevents changes to user permissions.
Which user can create appointments in the calendar of each user at the company?
To create appointments in the calendar of each user at the company, the user must have Calendar.ReadWrite permission with Application type. In this case, User2 is using App2 which has the Calendars.ReadWrite of type Application permission, enabling User2 to write to all user calendars in the company.
User2 has Application.write Permission
User2 is the only one with write permission
B. User2
B. User2
B. User 2. See: https://learn.microsoft.com/en-us/graph/permissions-reference
user2 uses app2, which is the only app with readWrite
Correct Answer A , user 1 only as API will read only
my mistake , the given answer is correct, User2
I think this is incorrect. User2 only has access for App2. The question asks for which user can write to calendar for all users. The other users aren't assigned to App 2, so User2 won't be able to write anything for them.
That's not how app permissions work. User2 will be able to use App2, which has permissions to write to all calendars in the tenant.
That's not how app permissions work. User2 will be able to use App2, which has permissions to write to all calendars in the tenant.
For me correct answer is B User2 is the only one who has access to Application.write for the calendar.
I think this is incorrect. User2 only has access for App2. The question asks for which user can write to calendar for all users. The other users aren't assigned to App 2, so User2 won't be able to write anything for them.
That's not how app permissions work. User2 will be able to use App2, which has permissions to write to all calendars in the tenant.
That's not how app permissions work. User2 will be able to use App2, which has permissions to write to all calendars in the tenant.
The correct answer is C. User3. User3 can create appointments in the calendar of each user at the company because User3 has the Calendar.ReadWrite permission for the App1 app registration. This permission allows User3 to read and write events in all calendars that the app can access. User1, User2, and User4 cannot create appointments in the calendar of each user at the company because they do not have the Calendar.ReadWrite permission for any app registration. User1 and User2 only have the User.Read permission for App1 and App2, respectively. This permission allows them to read basic user profile information, but not calendar events. User4 does not have any permissions for any app registration.
In practice, if you find an easy way to modify users calendars as an exchange admin without granting yourself access to their calendar, let me know. As presented, user2 has read.write to their own calendar and can create it
Answer B) User2 This user is the only one with the "Calendars.ReadWrite of type Application". This gives them access to write to ALL calendars. https://learn.microsoft.com/en-us/graph/permissions-reference#calendarsreadwrite
Answer B. User2 In this scenario, User2 uses App2, which has "Calendars.ReadWrite" of type Application permission. This permission allows creating, reading, updating, and deleting calendar events for all users in the organization