entra-identity-to-authorization-chain

Status: IN

Azure identity-to-authorization follows a two-stage chain, and each stage has its own lifecycle and evaluation model. First, Entra provides the identity, either through the two-object app/service-principal model (manual lifecycle) or through a managed identity (automatic lifecycle tied to the resource). Then RBAC provides authorization as the additive union of all role assignments, evaluated against the ARM scope hierarchy. Identity type determines lifecycle complexity, while role assignment scope determines access breadth.
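The RBAC stage can be modelled in a few lines. The following is an added example, not code from Azure or from this note: it computes a principal's effective roles as the union of every assignment at the target scope or an ancestor scope. The principal labels, subscription ID and resource names are constructed, and the model assumes only subscription, resource group and resource scopes (no management groups, deny assignments or conditions).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # constructed label standing in for an Entra object ID
    role: str       # built-in role name
    scope: str      # ARM scope path the role is assigned at

def covers(assigned: str, target: str) -> bool:
    """True if an assignment at `assigned` is inherited by `target`."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Compare on a segment boundary so rg-app does not match rg-app2.
    return t == a or t.startswith(a + "/")

def effective_roles(assignments, principal: str, target: str) -> set:
    """Additive union of every role assigned at the target or an ancestor."""
    return {ra.role for ra in assignments
            if ra.principal == principal and covers(ra.scope, target)}

def scope_level(scope: str) -> str:
    """Classify a scope path: the higher the level, the broader the access."""
    parts = scope.strip("/").lower().split("/")
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource group"
    return "resource"

# Constructed sample data (not taken from a real tenant).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG = SUB + "/resourceGroups/rg-app"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/stappdata"
ASSIGNMENTS = [
    RoleAssignment("mi-web", "Reader", SUB),
    RoleAssignment("mi-web", "Storage Blob Data Contributor", STORAGE),
    RoleAssignment("sp-deploy", "Contributor", RG),
]

if __name__ == "__main__":
    for who in ("mi-web", "sp-deploy"):
        for target in (SUB, RG, STORAGE):
            print(who, scope_level(target),
                  sorted(effective_roles(ASSIGNMENTS, who, target)))
```

The subscription-level Reader assignment follows `mi-web` down to every child scope, while the resource-group Contributor assignment gives `sp-deploy` nothing at the subscription itself.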
