You have a Microsoft 365 subscription.
You plan to deploy an app named App1 that will have the following configurations:
• Will be registered in Microsoft Entra
• Will run as a service without user interaction
• Will collect audit logs associated with user sign-ins
• Will access resources by using the Microsoft Graph API
You need to ensure that App1 can access Microsoft Graph.
What should you use?
Correct. Application permissions are for service- or daemon-type applications that need to access a web API as themselves, without user interaction for sign-in or consent. https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis
Answer CL Why Application Permissions Service without User Interaction: Since App1 will run as a service without user interaction, it needs permissions that do not rely on a signed-in user. Access to Microsoft Graph API: Application permissions allow the app to access Microsoft Graph API directly, which is suitable for background services and daemons. Audit Logs: Collecting audit logs and accessing resources independently of user context requires application-level permissions.