Building Applications and Solutions with Microsoft 365 Core Services (legacy) — Question 3

Which type of authentication flow should you recommend for the planned integration with Office 365?

Answer options

• A. device code
• B. implicit grant
• C. authorization code
• D. client credentials

Correct answer: C

Explanation

The authorization code flow is ideal for server-side applications that need to securely interact with Office 365, as it allows for the exchange of an authorization code for an access token without exposing sensitive information. In contrast, the device code flow is better suited for devices with limited input capabilities, the implicit grant is less secure and meant for public clients, and client credentials flow is typically used for server-to-server communication, making them less appropriate for this scenario.