Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
Problem with user consent
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 35%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Labulle22
20
Reputation points
Hi all,
My app uses several user delegated permissions among which 2 (ChannelMessage.Read.All & User.Read.All) have been granted by my organization's admins. I'm now checking the getting of the access token with a small Python script.
As long as my script only asks for the permissions that don't need admin approval, all is fine, the end user is displayed the consent prompt and if he accepts he gets an access token.
But as soon as my script asks for all permissions granted to my app (that is also those that need an admin approval), consent prompt is no longer displayed and a popup with error message "needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it." appears.
I don't understand this behavior because consent policy in my organization is:
Allow user consent for apps (All users can consent for any app to access the organization's data.
Could that be that despite the fact that in my organization all users can consent, they cannot consent for permissions ChannelMessage.Read.All and/or User.Read.All? Any way to check that in Azure portal (without admin role)?
Microsoft Security | Microsoft Graph
Sign in to answer