The correct answer is C because Microsoft explains that authorization is the process of determining whether an authenticated identity is allowed to access a resource . Microsoft Learn distinguishes authorization from authentication by stating that authentication proves who you are, while authorization decides what you can access or do after identity has been established. In Microsoft 365 and the Microsoft identity platform, authorization commonly involves permissions, scopes, roles, and consent that control access to data and services such as Microsoft Graph, Exchange, SharePoint, or Teams.

Option A is incorrect because it refers more to external identity validation or federation concepts, not authorization itself. Option B describes authentication , not authorization, since it is about verifying identity claims. Option D describes a control such as multifactor authentication or Conditional Access requirements, which can happen before access is granted, but that still is not the definition of authorization. Authorization begins after identity verification and focuses on whether the identity has the right permissions for the requested resource.