Yes, based on my testing, I can confirm that this is the expected behavior.
When you log in as an administrator to the /authorize
endpoint and set the scope
to https://graph.microsoft.com/.default
, your administrator will be able to grant admin consent on behalf of the organization for all permissions, including application permissions. As such, there is no difference between this and the /adminconsent
endpoint.
It is important to note that the /adminconsent
endpoint is for organization-level consent, while the /authorize
endpoint allows the logged-in user to grant user consent.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.