To ensure that all users can consent to apps that require permission to read their user profile and prevent them from consenting to apps that require any other permissions, you can configure the user consent settings in the Microsoft Entra admin center. Here’s how you can do it:
Sign in as a Global Administrator:
Access the Microsoft Entra admin center with Global Administrator privileges.
Navigate to user consent settings:
Go to Identity > Applications > Enterprise applications > Consent and permissions > User consent settings.
Configure the consent settings:
Under User consent for applications, select the option that allows users to consent to apps that only require permission to read their user profile.
Ensure that all other permissions are set to require administrator consent, thus preventing users from consenting to apps that require additional permissions.
Save the settings:
After configuring the consent settings, select Save to apply the changes.
By following these steps, you will have configured the system to allow user consent for apps that need to read the user profile while blocking consent for apps that require additional permissions. This setup helps maintain user autonomy where appropriate while safeguarding against unauthorized access to broader permissions.
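The same restriction can also be applied and verified from a script. The following is an added example using the Microsoft Graph PowerShell SDK, not part of the original steps. It assumes that "read their user profile" means the delegated Microsoft Graph permission User.Read, and the policy id and display name are hypothetical.

```powershell
# Added example: the policy id, display name and description are hypothetical.
Connect-MgGraph -Scopes "Policy.ReadWrite.PermissionGrant", "Policy.ReadWrite.Authorization", "Application.Read.All"

$policyId = "user-read-only-consent"   # hypothetical custom app consent policy id

# Resolve the Microsoft Graph service principal and look up the id of its
# delegated User.Read scope instead of hard-coding it.
$graph    = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$userRead = $graph.Oauth2PermissionScopes | Where-Object { $_.Value -eq "User.Read" }
if (-not $userRead) { throw "User.Read scope not found on the Microsoft Graph service principal" }

# Create a custom app consent policy whose only include set is delegated
# User.Read on Microsoft Graph. A request for any other permission does not
# match the policy and therefore needs administrator consent.
New-MgPolicyPermissionGrantPolicy `
    -Id $policyId `
    -DisplayName "User consent: User.Read only" `
    -Description "Users may consent only to delegated User.Read on Microsoft Graph."

New-MgPolicyPermissionGrantPolicyInclude `
    -PermissionGrantPolicyId $policyId `
    -PermissionType "delegated" `
    -ResourceApplication $graph.AppId `
    -Permissions @($userRead.Id)

# Swap the self-consent policy assigned to the default user role, keeping any
# other assigned policies (for example the owned-resource ones) untouched.
$current  = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
$assigned = @($current | Where-Object { $_ -notlike "ManagePermissionGrantsForSelf.*" }) +
            "ManagePermissionGrantsForSelf.$policyId"

Update-MgPolicyAuthorizationPolicy `
    -DefaultUserRolePermissions @{ PermissionGrantPoliciesAssigned = $assigned }

# Verify: exactly one ManagePermissionGrantsForSelf.* entry should be listed,
# and it should name the custom policy created above.
(Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
```

Apps that also request the OpenID Connect scopes (openid, profile, email, offline_access) will not match this policy unless those scopes are added to the include set.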