Delegate Login asks for "Consent on behalf of your organization"

Question

I am using the msal acquire_token_interactive method to login the user. I have User.Read and Presence.Read defined as scopes, both in the API permissions tab and in the acquire_token_interactive call.
However, when trying to login it displays "Consent on behalf of your organization", but the access shall only be for the individual user.

Answer 1

@Dominik ,

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue:

You were using the msal acquire_token_interactive method to login the user. You had User.Read and Presence.Read defined as scopes, both in the API permissions tab and in the acquire_token_interactive call.

However, when trying to login the prompt displayed "Consent on behalf of your organization" only for the individual user. It was not displayed consistently for all users.

Solution:

The requested permissions in the prompt are specific to the currently signed in user and their existing permissions. The "consent on behalf of your organization" checkbox only appears for admin users, since selecting the checkbox grants access to the specified resources for all users in the organization.

If you have any other questions or are still running into more issues, please let me know.
Thank you again for your time and patience throughout this issue.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.