Azure Enterprise Apps missing a permission listed in the associated Azure App Registration

Jean Marie Baran 20 Reputation points
2023-10-16T16:23:19.0066667+00:00

Hello,

We have a multi-tenant App Registration which declares several API Permissions:

azure-our-permissions

Our customer referenced our App Registration in their tenant under Enterprise Apps. However some of the permissions we declared in our App Registration are missing from the matching Enterprise App (screenshot provided by our customer):

azure-their-permissions

Missing:

  • email
  • Files.Read.All
  • DeviceManagementManagedApps.ReadWrite

This is a problem particularly for the permission DeviceManagementManagedApps.ReadWrite which is missing, and causing some use cases to fail on our customer's end.

Both parties (my organization and our customer) have no clue why this is happening. How can we ensure the permissions are properly propagated from our App Registration to their Enterprise App?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,316 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,190 questions
{count} votes

Accepted answer
  1. CarlZhao-MSFT 42,611 Reputation points
    2023-10-18T07:45:00.3366667+00:00

    Hi @Jean Marie Baran

    Permissions are not synchronized in real time. When you grant new permissions to a multi-tenant application in your tenant, these permissions are not synchronized to your customer tenants that use the multi-tenant application. You must run the admin consent URL in the browser and contact the global administrator of your customer tenant to sign in and consent to these permissions.

    https://login.microsoftonline.com/{the id of your customer tenant}/adminconsent?client_id={client id}
    

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.