Permissions and Consent Framework

Microsoft Entra ID
Microsoft 365

The Microsoft identity platform implements the OAuth 2.0 authorization protocol. This protocol is a method that a third-party app can access web-hosted resources on behalf of a user. The web-hosted resources can define a set of permissions that you can use to implement functionality in smaller chunks. Developers can leverage one of two types of permissions supported by the Microsoft identity platform depending on the app scenario. In this module, you'll learn the different types of permissions and consent framework models for obtaining permissions from users to use them in apps.

Learning objectives

At the end of this module, you should be able to:

  • Compare and contrast different permission types supported by the Microsoft identity platform
  • Compare and contrast the difference between static and dynamic consent in user permissions
  • Create an app that implements dynamic consent for incrementally obtaining permissions as needed from users


  • Basic knowledge of OAuth authentication flows and terminologies
  • Ability to develop with ASP.NET Core at the intermediate level
  • Ability to develop with JavaScript or TypeScript at the intermediate level
  • Experience using Visual Studio Code at the beginner level
  • Access to a Microsoft 365 tenant