25,130 questions
Is your account added here under users in addition to "Roles"?
https://portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/AdminConsentSettings
Admin consent apps - Block and Deny is Greyed out
Maarten_
5
Reputation points
Hi Everyone,
I've got a small little mystery where I'm stuck. I configure the Admin consent for application requests by users. So that not everyone can consent for themselves.
I'm a Global Admin and configured people who have the GA role to be notified and are added as a reviewer by using the Roles under the reviewer types.
This all works good, I receive a mail and can consent. However, if I would like to Deny or Block the app the buttons are greyed-out (?)
Out of pure desperation I added my account the following roles which are also added as a reviewer type.
- Application administrator
- Cloud Application administrator
- Privileged role administrator
I believe I not needed to do this as I was GA but still. Unfortunately the buttons are still greyed-out for me and my colleague with the same permissions.
In an other attempted I added my user directly as a reviewer with the same affect. All stays greyed-out.
So basically I can do the consent but not the Block and Deny which I would like.
Ideas, suggestions are always welcome.
Thanks,
Maarten
Microsoft Security | Microsoft Entra | Microsoft Entra ID
3 answers
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2023-07-11T11:13:22.1933333+00:00 -
Maarten_ 5 Reputation points
2023-07-11T11:22:33.1666667+00:00 Hi Andy,
Thanks for the quick reply.
The answer is yes, it's added as a user under reviewers and it's in the Azure Roles I specified as a reviewer as well.
I amused (I know amusing is wrong) I only needed one, that's why I choose reviewer Roles.I am in all of the roles, to be sure.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 6%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWR%3C/text%3E%3C/svg%3E)
Will Reid 10 Reputation points2025-02-03T08:35:27.8466667+00:00 A legitimate answer to this query would be nice. I am the admin of my tenant but these always go straight into the "All" section with deny or blocked greyed out.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 9%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEM%3C/text%3E%3C/svg%3E)
Elizabeth McMurray 5 Reputation points2025-02-20T23:20:21.51+00:00 I think adding the account explicitly to the users fixes it going forward. However, it won't fix any of the already pending requests, as it only affects new entries after that point, not retrospectively.
At least based on testing where it now works for some of my customers I was helping previously, even though it didn't at the time I was trying to troubleshoot.
I don't understand why allowing permissions is considered more permissible by Microsoft compared to blocking permissions...
Sign in to comment -
-
Maarten_ 5 Reputation points
2023-07-26T11:07:23.92+00:00 Hi Guys,
Some how we had a little, I need coffee moment" here.All was configured correctly and functioning as expected.
However when the consent still needs to be done it's available for all the admins that can consent under the My Pending section, as the consent is still open only then you have the Block and Deny buttons available. After it has been consent it moves to All (Preview) and if you open the consent there the buttons are greyed-out. Purely because the consent was already done.:-)
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-07-26T11:16:41.1366667+00:00 Thank you for the follow up!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 97%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGC%3C/text%3E%3C/svg%3E)
Glenn.C 0 Reputation points2025-01-15T11:50:54.6766667+00:00 What? Is have a request that I KNOW for sure that no admin has given consent. I can not see it in "My pending", but I can see it under "All (Preview)". It has status "Not reviewed" but the buttons are still greyed out...
I am a Global Admin.
Help?
-
Will Reid 10 Reputation points
2025-02-03T08:34:12.7+00:00 Same. I am the one who would approve such things but it has already moved from My pending to All.
Sign in to comment -