Hi @Piyumi Perera · Thank you for reaching out.
As of now, the tenant administrator can only approve all application permissions that you have added for your app in the app registration portal. When you specify a particular permission in your call to adminconsent endpoint, it uses the concept of Dynamic Consent and adds the permissions as delegated permissions. Application permissions don't support dynamic consent as of now, which means new application permissions can't be added dynamically by adding to the the scope parameter in the authentication call or to the call for adminconsent endpoint. Existing Application permissions can't be consented individually and all application permissions added to the applications needs to be consented by the admin.
Which means, you can use:
- Either use below call for V1 endpoint: https://login.microsoftonline.com/{tenant}/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions
- Or use below call with V2 endpoint: https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&scope=https://graph.microsoft.com/.default&state=12345&redirect_uri=http://localhost/myapp/permissions
the results will be same.
Read more: Request the permissions from a directory admin
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.