I was redirected here by @MicahMcKittrick-MSFT, commig from https://social.msdn.microsoft.com/Forums/en-US/4430250b-dfe8-4eba-aa15-ef55f43e608e/when-are-the-scopes-as-given-in-microsoft-account-authentication-settings-being-used?forum=AzureFunctions
Originally I raised my question at https://github.com/MicrosoftDocs/azure-docs/issues/11744
To repeat the question:
Regarding an azure function, when securing the function using "Authentication / Authorization", after selecting the Authentication Provider "Microsoft Account" there is a page which contains a ClientId, ClientSecret and some Scopes.

The question is: When are the given scopes being used? Are they somehow enforced, when accessing the function? Or are they only used when the "Action to take when request is not authenticated"-Setting is set to "Log in with Microsoft Account"?
I was redirected here by @MicahMcKittrick-MSFT, commig from https://social.msdn.microsoft.com/Forums/en-US/4430250b-dfe8-4eba-aa15-ef55f43e608e/when-are-the-scopes-as-given-in-microsoft-account-authentication-settings-being-used?forum=AzureFunctions
Originally I raised my question at https://github.com/MicrosoftDocs/azure-docs/issues/11744
To repeat the question: