Admin consent apps - Block and Deny is Greyed out

Maarten_ 5 Reputation points
2023-07-11T10:42:51.6366667+00:00

Hi Everyone,

I've got a small little mystery where I'm stuck. I configure the Admin consent for application requests by users. So that not everyone can consent for themselves.

I'm a Global Admin and configured people who have the GA role to be notified and are added as a reviewer by using the Roles under the reviewer types.

This all works good, I receive a mail and can consent. However, if I would like to Deny or Block the app the buttons are greyed-out (?)

User's image

Out of pure desperation I added my account the following roles which are also added as a reviewer type.

  • Application administrator
  • Cloud Application administrator
  • Privileged role administrator

I believe I not needed to do this as I was GA but still. Unfortunately the buttons are still greyed-out for me and my colleague with the same permissions.

In an other attempted I added my user directly as a reviewer with the same affect. All stays greyed-out.

So basically I can do the consent but not the Block and Deny which I would like.
Ideas, suggestions are always welcome.

Thanks,

Maarten

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2023-07-11T11:13:22.1933333+00:00

    Is your account added here under users in addition to "Roles"?

    https://portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/AdminConsentSettings

    User's image

    1 person found this answer helpful.

  2. Will Reid 10 Reputation points
    2025-02-03T08:35:27.8466667+00:00

    A legitimate answer to this query would be nice. I am the admin of my tenant but these always go straight into the "All" section with deny or blocked greyed out.

    1 person found this answer helpful.

  3. Maarten_ 5 Reputation points
    2023-07-26T11:07:23.92+00:00

    Hi Guys,
    Some how we had a little, I need coffee moment" here.

    All was configured correctly and functioning as expected.
    However when the consent still needs to be done it's available for all the admins that can consent under the My Pending section, as the consent is still open only then you have the Block and Deny buttons available. After it has been consent it moves to All (Preview) and if you open the consent there the buttons are greyed-out. Purely because the consent was already done.

    :-)


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.