So you're a developer, and you're using Microsoft Entra ID for user authentication? And you've heard of roles and scopes (and that they're not the same thing) and application access vs delegated access and stuff (but you're not really sure what's what)? And, maybe, sometimes you feel that it would be nice to have user information available in downstream backend services, but it's just too difficult to implement? Then this talk is for you. First off, we'll cover why this thing called On-Behalf-Of authentication is relevant - for meeting auditing requirements, achieving low coupling, and achieving a Zero Trust Architecture. Then, we'll talk about how this actually works in Microsoft Entra ID, based on what you already know as a dev. And of course we'll also demo how to actually implement it using Entra ID and .NET. So whether you're not sure yet if this is worth your trouble, or are already sold on the idea and want to make it happen, this talk is for you.