Understanding Entra Enterprise application permissions and Admin consent


Understanding how permissions work is important to security, and I can say this aspect has confused me since I started working in Azure AD. Take this example: I have an existing Enterprise app configured for 'Microsoft Graph Command Line Tools'. I believe this is the app used when connecting to MS Graph via PowerShell. In the enterprise app config there are already multiple delegated permissions assigned under Admin consent, including Sign users in, View users' basic profile, and Maintain access to data. My question, though, is that even when I connect to Graph in PowerShell via Connect-MgGraph as a Global Admin, the popup states that permissions need to be granted by an admin to access. But the app config seems to show that Admin consent permissions already exist for at least the default scope. I know I'm not understanding some nuance of permission assignment in this, so if someone can point me straight, I would appreciate it. THX.
