Hello MP732,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
Regarding your questions.
When adding new permissions to MultiTenant enterprise app, does it notify the tenant account admins to grant admin consent?
When new permissions are added to a MultiTenant enterprise app, tenant account admins are not automatically notified to grant admin consent. Admin consent must be granted either when a user or admin accesses the app for the first time or by using an admin consent URL. https://learn.microsoft.com/en-us/answers/questions/543582/is-there-a-way-to-grant-admin-consent-to-a-multi-t
Looking to see if Entra pushes a notification to the tenant accounts that have the application as an enterprise application if that application updates their permissions.
Entra does not push notifications to tenant accounts when an enterprise application updates its permissions. https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent
If not, is there a way to do this using Graph API?
You can use Microsoft Graph API to create a custom notification system and you can periodically check for permission changes and send notifications to the relevant admins by doing the followings:
- Use the Graph API to list service principals and their permissions.
- Compare the current permissions with previously stored permissions.
- If there are changes, send notifications to the tenant admins
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam