Microsoft Security, Compliance, and Identity Fundamentals (SC-900) Practice Exam

Authorization is indeed used to determine the level of access a user has to a resource. When a user is authenticated, meaning their identity has been verified, authorization takes the next step to define what that user can do with the resources they can access. This involves setting permissions that dictate actions such as reading, writing, modifying, or deleting data.

In a security context, authorization is crucial for protecting sensitive information and ensuring that users only have access to the resources necessary for their roles. For example, an employee in the finance department may have access to financial records, while an employee in a different department may not. This principle of least privilege helps mitigate the risk of unauthorized access and helps maintain the integrity and confidentiality of the data.

Overall, the statement is true because authorization directly relates to establishing the scope of permissions and access rights associated with a user’s identity in a system.