What is the Grant Permissions button for Azure AD web app

1
votes

This more of an admin question as far as where you might find this issue. I am working with an Azure AD web app and I am wondering what the Grant Permissions button does?

I made a test dummy MVC project to see what it did and when I grant permissions for my account for the current directory it makes the manifest unusable.

This is the view of my app in Azure AD app registrations. I've highlighted the Grant Permissions button that I am talking about. enter image description here

This is the drop down I get when clicking on the Grant Permissions button. This is the part I really don't understand and need clarification on what it's doing when I say yes. enter image description here

Basically, what can I do to undo the actions if I say yes to the Grant Permissions button for my app? But also, what exactly does the Grant Permissions do for my app? I am just a normal user in my Active Directory that has the ability to create apps in ad and edit the manifest.

Any help would be much appreciated and thanks in advance!

1
azureazure-active-directory

1 Answers

3
votes

The Grant Permissions button in the Azure Portal will perform Admin Consent on the app you have selected.

Admin Consent can accomplish a multitude of things. There are two primary use cases.

  1. If you're building a single tenant web app that calls admin and user scopes/permissions, it will consent for all users in that tenant. This will let the app call any admin scopes, and also suppress consent for all the users inside the tenant.
  2. The other use case is to consent for app only permissions, which always requires admin consent.

The Azure AD How to build a multi tenant app doc has a great section on the meaning of admin consent.

I am not aware of any way to revoke admin consent. An individual user can revoke consent they've granted through My App.