Редактиране

Споделяне чрез


Review admin consent requests

In this article, you learn how to review and take action on admin consent requests. To review and act on consent requests, you must be designated as a reviewer. For more information, check out the Configure the admin consent workflow article. As a reviewer, you can view all admin consent requests but you can only act on those requests that were created after you were designated as a reviewer.

Prerequisites

To review and take action on admin consent requests, you need:

Tip

Steps in this article might vary slightly based on the portal you start from.

To review the admin consent requests and take action:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator who is a designated reviewer.
  2. Browse to Identity > Applications > Enterprise applications.
  3. Under Activity, select Admin consent requests.
  4. Select My Pending tab to view and act on the pending requests.
  5. Select the application that is being requested from the list.
  6. Review details about the request:
    • To see what permissions are being requested by the application, select Review permissions and consent.
    • To view the application details, select the App details tab.
    • To see who is requesting access and why, select the Requested by tab.
  7. Evaluate the request and take the appropriate action:
    • Approve the request. To approve a request, grant admin consent to the application. Once a request is approved, all requestors are notified that their request for access is granted. Approving a request allows all users in your tenant to access the application unless otherwise restricted with user assignment.
    • Deny the request. To deny a request, you must provide a justification that is provided to all requestors. Once a request is denied, all requestors are notified that their request for access is denied. Denying a request won't prevent users from requesting admin consent to the application again in the future.
    • Block the request. To block a request, you must provide a justification that is provided to all requestors. Once a request is blocked, all requestors are notified that their request to access the application is denied. Blocking a request creates a service principal object for the application in your tenant in a disabled state. Users won't be able to request admin consent to the application in the future.

To review the admin consent requests programmatically, use the appConsentRequest resource type and userConsentRequest resource type and their associated methods in Microsoft Graph. You can't approve or deny consent requests using Microsoft Graph.

Next steps