Configure group owner consent to apps accessing group data

Group and team owners can authorize applications, such as applications published by third-party vendors, to access your organization's data associated with a group. For example, a team owner in Microsoft Teams can allow an app to read all Teams messages in the team, or list the basic profile of a group's members. See Resource-specific consent in Microsoft Teams to learn more.

Prerequisites

To complete the tasks in this guide, you need the following:

You can configure which users are allowed to consent to apps accessing their groups' or teams' data, or you can disable this for all users.

Follow these steps to manage group owner consent to apps accessing group data:

  1. Sign in to the Azure portal as a Global Administrator.
  2. Select Azure Active Directory > Enterprise applications > Consent and permissions > User consent settings.
  3. Under Group owner consent for apps accessing data select the option you'd like to enable.
  4. Select Save to save your settings.

In this example, all group owners are allowed to consent to apps accessing their groups' data:

Group owner consent settings

Note

"User can consent to apps accessing company data on their behalf" setting, when turned off, does not disable the "Users can consent to apps accessing company data for groups they own" option

Next steps

To learn more:

To get help or find answers to your questions: