How to bypass the approval requirement and integrate with Microsoft365

Question

I am trying to link my service with a Microsoft365 user.
The client environment leaves user consent to the administrator.

The administrator's consent has been given, but when a general user tries to link with Microsoft365 again, he has to request approval again.

We have already confirmed that the following page shows the list of delegated permissions of the administrator's consent.
Enterprise Applications > Apps > Security > Permissions

The following is recorded in the sign-in log

Sign-in error code
90095
Reason for the error
Admin consent is required for the permissions requested by this application. An admin consent request may be sent to the admin.
Additional Details
MFA requirement satisfied by claim in the token

`

The scope of the application is requesting access to read and write emails, and access to the calendar.

Also, we have confirmed that if you are an administrator, you can collaborate.
How can I make sure that users can collaborate without being asked for approval?

Answer 1

The admin needs to grant permissions to the entire org, by selecting the "Consent on behalf of your organization" checkbox. Alternatively, he can grant it directly from the Azure AD blade as detailed here: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent

Answer 2

Hi @Vasil Michev regarding your answer, will this rid the process of constantly having to approve or deny a request for an application and make it automatic?

Answer 3

I am having this issue. Has a solution been found?