Protecting APIs with Microsoft Entra ID

This article shows a practical way to protect APIs with Microsoft Entra ID by combining app roles and scopes. You will learn how to design clean app registrations, how to map scopes to roles inside the API, and how to derive the effective permissions for each request. The example CRM application illustrates how this model keeps authorization predictable, maintainable, and easy to reason about.