Forum Discussion
Solved
Enterpsie application permissions for users
Hi,
I am trying to find out how to provide access for standard user accounts in Azure AD to access Microsoft Graph PowerShell. I do not want to give admin consent to the whole of AzureAD, only to a specific number of people and only specific permissions.
I need to do this as I am writing a script to report using Graph and want to use the currently logged on user for access to Graph PowerShell to retrieve the data that is needed. This will be across many tenants so to have a registered app does not work too well as each tenant will have a different app id and secret.
Does any of this make sense?
- I, by mistake, fell upon the solution. I had tried it before but it didn't work so not sure what I didn't do last time.
The solution was to set it so that users could request consent on the login page (when connecting to mg graph using "connect-mggraph"). Once I did that I, as admin, was able to approve the request and only the select permissions were added to the permissions list in the enterprise app. This, I found, made those permissions available for anyone using the enterprise app so only needed to do it once.
2 Replies
- I, by mistake, fell upon the solution. I had tried it before but it didn't work so not sure what I didn't do last time.
The solution was to set it so that users could request consent on the login page (when connecting to mg graph using "connect-mggraph"). Once I did that I, as admin, was able to approve the request and only the select permissions were added to the permissions list in the enterprise app. This, I found, made those permissions available for anyone using the enterprise app so only needed to do it once.- Once the permissions are applied, do they stay in place. They don't need to be requested each time?
