How to give admin consent for an application only for the specific user who is asking for permission

Steel Contributor

We want to control consent to enterprise applications and therefore switched to:

 

"User consent for applications: Allow user consent for apps from verified publishers, for selected permissions (Recommended)"

 

This works as expected, and now most of the times a user wants to access to an application an admin consent request is generated. When I accept the admin consent request, the application is granted access on behalf of the whole organization. I don't like this behavior, because now the application has access to potentially too much data.

 

Is it possible to use the "admin consent required" restriction, but only to grant access to the user asking for it? It seems to be possible with PowerShell, but it would be nice to use the Microsoft Entra Portal to achieve that.

4 Replies
Do you think there is a reason you cannot do that, maybe because what I'm asking is not useful at all?
Someone needs to build the UI, that's all :)

Hi Team,
I am facing issues on Giving grant admin consent through programmatically

What is the significance of admin consent, and how can it be granted programmatically for application permissions?
if any examples illustrating the process of granting specific permissions, such as "Audit Log Read All", through Microsoft Graph API?
While using Microsoft Graph API in Postman, I received a "Request Resource Not Found" error. What are common causes for this error, and how can it be addressed?
ELSE - Below Option is work or NOT
How can I create a custom app role with a specific permission, for example, "Audit Log Read All", and assign it a unique ID?

PLEASE NOTE :
I am looking for Application API - permission . Without login in it I will give grant admin permission for my various tenants applications API permissions.