Which other organisation data is shared with the Azure application owner?


I have created an Azure enterprise app (MyABCAzureApp) using my organisation's domain abc.com and integrated the client ID and redirect URL in my mobile iOS app.

My mobile app can be used by other organisations like pqr.com and xyz.com. Now the admin of each other organisation needs to add MyABCAzureApp in their Azure portal. Let's say the other organisation's admin grants permission for my MyABCAzureApp Azure app and users of that organisation are able to use the mobile application. Is this understanding of the Azure workflow correct for other organisations?

  1. As an Azure app owner, what kind of other organisation data can I access?
  2. How does the Azure app ensure the privacy of other organisations' data, like user info, organisation data, etc.?
  3. Is there any document provided by Microsoft about privacy between organisations?

There are 1 best solutions below

Paulw11 On

The workflow you describe is essentially correct. Depending on the scopes that your app asks for, admin consent may not be required. Individual users may be able to provide consent the first time that they log in. Admin consent does give a nicer user sign-in experience and may be required if your app asks for "admin consent required" scopes.

The answers to your specific questions are:

  1. The data your app can access depends on the scopes that your application registration asks for (and are therefore approved by the other organisation's admin).
  2. This is the whole point of the permission scopes. E.g. if your app doesn't have permission to read a user's mail then any attempt to do so will fail. If a scope is granted, however, then Microsoft does not have any control over what your app does with the access.
  3. This is a very broad question (and technically, asking for off-site resources is off-topic for Stack Overflow) but you could start here
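
An added example, not part of the answer above: a customer tenant's admin can check what was actually consented to by reading the app's delegated permission grants, which Microsoft Graph exposes as `oauth2PermissionGrants` objects. The sketch below processes a constructed response offline; every ID in it is a placeholder and the helper names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants
# listing; every ID below is a placeholder, not a real object ID.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"clientId": "sp-myabcazureapp", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-msgraph",
   "scope": " User.Read openid profile"},
  {"clientId": "sp-myabcazureapp", "consentType": "Principal",
   "principalId": "user-alice", "resourceId": "sp-msgraph",
   "scope": "Mail.Read"},
  {"clientId": "sp-other-app", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-msgraph",
   "scope": "Files.Read.All"}
]}
""")["value"]


def summarize_grants(grants, client_id):
    """Split one app's delegated grants into tenant-wide and per-user scopes."""
    tenant_wide, per_user = set(), defaultdict(set)
    for g in grants:
        if g["clientId"] != client_id:
            continue  # grant belongs to a different application
        scopes = set(g["scope"].split())  # space-separated, may be padded
        if g["consentType"] == "AllPrincipals":  # admin consent for all users
            tenant_wide |= scopes
        else:  # "Principal": consent recorded for one user only
            per_user[g["principalId"]] |= scopes
    return tenant_wide, dict(per_user)


def effective_scopes(grants, client_id, user_id):
    """Delegated scopes the app can hold when acting for user_id."""
    tenant_wide, per_user = summarize_grants(grants, client_id)
    return tenant_wide | per_user.get(user_id, set())


def is_granted(grants, client_id, user_id, required_scope):
    """True only if the tenant has a grant covering required_scope."""
    return required_scope in effective_scopes(grants, client_id, user_id)


if __name__ == "__main__":
    app = "sp-myabcazureapp"
    for user in ("user-alice", "user-bob"):
        print(user, sorted(effective_scopes(SAMPLE_GRANTS, app, user)))
```

In the sample, `Mail.Read` is covered only for `user-alice`, so a mail request made on behalf of `user-bob` has no grant behind it, which is the failure case the answer's second point describes.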