Review admin consent requests

In this article, you learn how to review and take action on admin consent requests. To review and act on consent requests, you must be designated as a reviewer. For more information, check out the Configure the admin consent workflow article. As a reviewer, you can view all admin consent requests but you can only act on those requests that were created after you were designated as a reviewer.

Prerequisites

To review and take action on admin consent requests, you need:

• An Azure account. Create an account for free.
• One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.

Review and take action on admin consent requests

To review the admin consent requests and take action:

1. Sign in to the Azure portal as one of the registered reviewers of the admin consent workflow.

2. Select All services at the top of the left-hand navigation menu.

3. In the filter search box, type and select Azure Active Directory.

4. From the navigation menu, select Enterprise applications.

5. Under Activity, select Admin consent requests.

6. Select My Pending tab to view and act on the pending requests.

7. Select the application that is being requested from the list.

8. Review details about the request:

   • To view the application details, select the App details tab.
   • To see who is requesting access and why, select the Requested by tab.
   • To see what permissions are being requested by the application, select Review permissions and consent.

   

9. Evaluate the request and take the appropriate action:

   • Approve the request. To approve a request, grant admin consent to the application. Once a request is approved, all requestors are notified that they have been granted access. Approving a request allows all users in your tenant to access the application unless otherwise restricted with user assignment.
   • Deny the request. To deny a request, you must provide a justification that will be provided to all requestors. Once a request is denied, all requestors are notified that they have been denied access to the application. Denying a request won't prevent users from requesting admin consent to the application again in the future.
   • Block the request. To block a request, you must provide a justification that will be provided to all requestors. Once a request is blocked, all requestors are notified they've been denied access to the application. Blocking a request creates a service principal object for the application in your tenant in a disabled state. Users won't be able to request admin consent to the application in the future.

Review admin consent requests using Microsoft Graph

To review the admin consent requests programmatically, use the appConsentRequest resource type and userConsentRequest resource type and their associated methods in Microsoft Graph. You cannot approve or deny consent requests using Microsoft Graph.

Next steps

• Review permissions granted to apps
• Grant tenant-wide admin consent