Azure Entra ID authentication can feel like a collection of APIs that behave like characters in a sitcom, where each answer immediately raises two more questions. This session cuts through that confusion and gives you a clear mental model of how authentication in Entra ID actually works. We will begin with the core building blocks, including what an app registration is, why enterprise applications exist, and how service principals fit into the picture as the operational identities behind the scenes.

From there we will go looking through the layers of tokens, permissions, and consent, and then continue into more advanced territory. Topics like credential federation, cross tenant application access, and secure automation scenarios will be explored with a mix of conceptual diagrams and real code. You will see smorgasbord of patterns that come up in real world systems so you can understand how the pieces behave under different conditions.

If you have ever tried to understand why an application object lives in one tenant while its service principal shows up in another, wondered how delegated and application permissions actually differ in practice, or simply want to level up your ability to design and debug auth in cloud systems, this talk is for you. You will leave with a deeper understanding of Entra ID, practical insights you can apply immediately, and a clearer picture of how authentication really works across the Microsoft cloud.