• Validating scopes
• With the RequiredScopes attribute
• With authorization policies
• Validating scopes or app permissions
• Filtering tenants
• Other forms of authorization