What happens if a user attempts to access Microsoft Key Vault with scope=User.Read in the Microsoft Identity platform?
The request is successful and the user can access Key Vault data.
The request fails because User.Read is intended for a different resource.
The request fails due to insufficient user permissions.
The request is successful but the user can only see key names, not the key values.
The request fails because User.Read is a scope for Microsoft Graph and not valid for Key Vault. Use https://vault.azure.net/.default to access Key Vault with app-configured permissions.