Microsoft Azure Security Technologies (AZ-500) Practice Exam 2025 – Comprehensive All-in-One Guide to Exam Success!

To allow an application registered in Azure Active Directory (Azure AD) to access Azure Key Vault secrets on behalf of users, delegated permissions are required. Delegated permissions mean that the application acts on behalf of a user and can utilize the user's identity and permissions when accessing resources.

When a user is signed in, the application can gain access to resources that the user has rights to. In this case, the Azure Key Vault requires the application to have the appropriate delegated permission to retrieve secrets. Since delegated permissions operate under the context of the signed-in user, they do not necessarily require admin consent if the permissions fall under user-level scopes that the user can grant themselves.

Thus, delegated permission without admin consent is indeed the correct choice, as it aligns with the needs for user context in accessing the secrets. Admin consent generally relates to application permissions where permissions are granted at the application level rather than user level, which is not the case here.

Therefore, the selection highlights a clear understanding of how delegated permissions function in relation to the Azure Key Vault and user context access.