My 3rd party Application (I am an ISV) using Read vs ReadWrite Scopes (delegate), why does ReadWrite require admin approval and Read Doesnt?
My application uses Oauth to authenticate and grant Microsoft Calendar permissions to my application to both consumer and enterprise users/tenants.
When I use the Calendars.ReadWrite, consumer users are automatically prompted to grant access (user consent), but enterprise users are shown "Need Admin Approval" when trying to connect. Similar to this: https://i.stack.imgur.com/FZbrH.png
When I only use "Calendars.Read" scope permissions on the app both consumer and enterprise users are prompted to grant access (the desired state).
I realize Read vs ReadWrite are different permissions, where in the documentation does it say that ReadWrite requires Admins to "approve" the app vs Read only does not require such approvals?
According to this no admin consent required?
Please advise. Thanks you.