Some permissions can be consented only by Global admin or Privileged auth admin, there's no avoiding that: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
For others, you can configure custom consent policies or use "lower" roles: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-app-consent-policies
Grant admin consent for AD application(its Application permissions not delegated )
Hi Team,
We are automating for granting admin consent for azure AD application.
When ever user creating any application and add graph permissions(its application permissions not delegated), we are going to automate granting admin permissions(FYI we are approving only few permissions not all, there is a check in out script if the permission is matches then only it will grant admin consent)
Now currently based on research required global admin to approve the grant since its application permissions, now what we need is there any possibility to create any directory custom role to approve the same, we want to avoid using global admin for this.
Please suggest if any one have idea on what permissions required for custom role to approve admin grant for application permissions
1 answer
Sort by: Most helpful
-
Vasil Michev 95,666 Reputation points MVP
2021-03-01T13:30:25.04+00:00