Hi,
Microsoft recommends choosing the out-of-the-box option where users are only allowed to consent to apps from verified publishers, and only for chosen, lower risk permissions. For additional granularity, admins can also create custom consent policies, which dictate the conditions for allowing users to grant consent, including for specific apps, publishers, or permissions.
The above recommendation comes from this article: "Microsoft delivers comprehensive solution to battle rise in consent phishing emails".
Configure how end-users consent to applications
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal
Grant tenant-wide admin consent to an application
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
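
One way to check a tenant against the recommendation in the answer above, as an added example that is not part of the original post or of Microsoft's documentation. It assumes the Microsoft Graph PowerShell SDK v2 and an account allowed to read (and, with the script's own hypothetical `-Apply` switch, update) the authorization policy; the variable names are illustrative.

```powershell
# Added example: audit (and optionally tighten) the tenant's user consent setting.
# Assumes Microsoft Graph PowerShell SDK v2; -Apply is this script's own switch.
param([switch]$Apply)

$selfPrefix  = 'ManagePermissionGrantsForSelf.'
$recommended = 'microsoft-user-default-low'     # built-in: verified publishers, permissions classified low impact
$legacy      = 'microsoft-user-default-legacy'  # built-in: users may consent to any app

# Read-only scope for the audit; the write scope is requested only with -Apply.
$scope = if ($Apply) { 'Policy.ReadWrite.Authorization' } else { 'Policy.Read.All' }
Connect-MgGraph -Scopes $scope | Out-Null

$policy   = Get-MgPolicyAuthorizationPolicy
$assigned = @($policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned | Where-Object { $_ })

# Entries with the ForSelf prefix control user consent; all others are kept untouched.
$self  = @($assigned | Where-Object { $_ -like "$selfPrefix*" })
$other = @($assigned | Where-Object { $_ -notlike "$selfPrefix*" })
$ids   = @($self | ForEach-Object { $_.Substring($selfPrefix.Length) })

if ($ids.Count -eq 0) {
    $state = 'Disabled'       # users cannot consent; stricter than the recommendation
} elseif ($ids -contains $legacy) {
    $state = 'AllApps'        # any user can consent to any app
} elseif ($ids.Count -eq 1 -and $ids[0] -eq $recommended) {
    $state = 'Recommended'
} else {
    $state = 'Custom'         # review each policy with Get-MgPolicyPermissionGrantPolicy
}

[pscustomobject]@{ UserConsent = $state; AssignedPolicies = $assigned -join ', ' }

# Only ever tighten: replace the permissive built-in policy, leave stricter or custom settings alone.
if ($Apply -and $state -eq 'AllApps') {
    $desired = @("$selfPrefix$recommended") + $other
    Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
        PermissionGrantPoliciesAssigned = $desired
    }
    Write-Host "User consent now limited to '$recommended'."
}
```

Run it without `-Apply` first; a result of `Custom` means a custom consent policy is assigned and should be reviewed by hand rather than overwritten.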