I am trying to find out how to provide access for standard user accounts in Azure AD to access Microsoft Graph PowerShell. I do not want to give admin consent to the whole of AzureAD, only to a specific number of people and only specific permissions.
I need to do this as I am writing a script to report using Graph and want to use the currently logged on user for access to Graph PowerShell to retrieve the data that is needed. This will be across many tenants so to have a registered app does not work too well as each tenant will have a different app id and secret.
I, by mistake, fell upon the solution. I had tried it before but it didn't work so not sure what I didn't do last time. The solution was to set it so that users could request consent on the login page (when connecting to mg graph using "connect-mggraph"). Once I did that I, as admin, was able to approve the request and only the select permissions were added to the permissions list in the enterprise app. This, I found, made those permissions available for anyone using the enterprise app so only needed to do it once.