Entra ID (1 / 33): You are developing a web application using ASP.Net Core. The application needs to authenticate users via Microsoft Entra ID and also access Azure Blob Storage on behalf of the authenticated users. Which of the following permissions should be set to "Delegated" in the Azure Portal to meet these requirements?
Answer:
Microsoft Graph > User.Read should be set to "Delegated". This allows the application to authenticate users and read their basic profile on their behalf.
Azure Storage > user_impersonation should be set to "Delegated". This allows the application to access Azure Blob Storage on behalf of the authenticated users.