Configure group owner consent to apps accessing group data
Group and team owners can authorize applications, such as applications published by third-party vendors, to access your organization's data associated with a group. For example, a team owner in Microsoft Teams can allow an app to read all Teams messages in the team, or list the basic profile of a group's members. See Resource-specific consent in Microsoft Teams to learn more.
To complete the tasks in this guide, you need the following:
- An Azure account with an active subscription. Create an account for free.
- A Global Administrator role.
- Set up Azure AD PowerShell. See Azure AD PowerShell.
Manage group owner consent to apps
You can configure which users are allowed to consent to apps accessing their groups' or teams' data, or you can disable this for all users.
Follow these steps to manage group owner consent to apps accessing group data:
- Sign in to the Azure portal as a Global Administrator.
- Select Azure Active Directory > Enterprise applications > Consent and permissions > User consent settings.
- Under Group owner consent for apps accessing data, select the option you'd like to enable.
- Select Save to save your settings.
In this example, all group owners are allowed to consent to apps accessing their groups' data:
The "User can consent to apps accessing company data on their behalf" setting, when turned off, does not disable the "Users can consent to apps accessing company data for groups they own" option.
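The same setting can be reviewed and changed with Azure AD PowerShell, which the prerequisites list. The script below is an added example, not part of the original guide. It assumes the AzureADPreview module and its "Consent Policy Settings" directory setting template, with the values EnableGroupSpecificConsent and ConstrainGroupSpecificConsentToMembersOfGroupId; the parameter names `-Mode` and `-LimitToGroupId` are made up for this example.

```powershell
# Added example. Assumes the AzureADPreview module and a Global Administrator sign-in.
param(
    [ValidateSet('Report', 'Disable', 'AllGroupOwners', 'SelectedGroupOwners')]
    [string] $Mode = 'Report',
    [string] $LimitToGroupId   # object ID of the group whose members may consent
)

Import-Module AzureADPreview
Connect-AzureAD | Out-Null

# Locate the consent policy template and the tenant's setting object based on it, if any.
$template = Get-AzureADDirectorySettingTemplate |
    Where-Object { $_.DisplayName -eq 'Consent Policy Settings' }
if (-not $template) { throw 'Consent Policy Settings template not found in this tenant.' }
$setting = Get-AzureADDirectorySetting -All $true |
    Where-Object { $_.TemplateId -eq $template.Id }
$exists = [bool] $setting
if (-not $exists) { $setting = $template.CreateDirectorySetting() }  # template defaults

$enabled = $setting.Values | Where-Object { $_.Name -eq 'EnableGroupSpecificConsent' }
$limitTo = $setting.Values |
    Where-Object { $_.Name -eq 'ConstrainGroupSpecificConsentToMembersOfGroupId' }

if ($Mode -ne 'Report') {
    if ($Mode -eq 'SelectedGroupOwners') {
        if (-not $LimitToGroupId) { throw 'SelectedGroupOwners requires -LimitToGroupId.' }
        # Fail before writing anything if the group does not exist.
        Get-AzureADGroup -ObjectId $LimitToGroupId -ErrorAction Stop | Out-Null
    }
    $enabled.Value = if ($Mode -eq 'Disable') { 'False' } else { 'True' }
    $limitTo.Value = if ($Mode -eq 'SelectedGroupOwners') { $LimitToGroupId } else { $null }

    if ($exists) { Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting }
    else         { New-AzureADDirectorySetting -DirectorySetting $setting | Out-Null }
}

# Summarize the resulting values so they can be recorded or compared against policy.
[pscustomobject]@{
    SettingObjectExisted = $exists
    Mode                 = $Mode
    GroupOwnerConsent    = $enabled.Value
    LimitedToGroupId     = $limitTo.Value
}
```

Run with no arguments to report the current values without changing anything; when no setting object exists yet, the reported values are the template defaults.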
To learn more:
- Configure user consent settings
- Configure the admin consent workflow
- Learn how to manage consent to applications and evaluate consent requests
- Grant tenant-wide admin consent to an application
- Permissions and consent in the Microsoft identity platform
To get help or find answers to your questions: