Forum Discussion

Kiril's avatar
Kiril
Steel Contributor
Oct 04, 2023

How to give admin consent for an application only for the specific user who is asking for permission

We want to control consent to enterprise applications and therefore switched to:

 

"User consent for applications: Allow user consent for apps from verified publishers, for selected permissions (Recommended)"

 

This works as expected, and now most of the times a user wants to access to an application an admin consent request is generated. When I accept the admin consent request, the application is granted access on behalf of the whole organization. I don't like this behavior, because now the application has access to potentially too much data.

 

Is it possible to use the "admin consent required" restriction, but only to grant access to the user asking for it? It seems to be possible with PowerShell, but it would be nice to use the Microsoft Entra Portal to achieve that.

    • Kiril's avatar
      Kiril
      Steel Contributor
      Do you think there is a reason you cannot do that, maybe because what I'm asking is not useful at all?

Resources