1
votes

I am creating a maintenance app to read all group membership from AAD.

When I log in as a user, I am able to read all details (Users and Groups). When I use PowerShell to read user details, I am able to do so. My user has access to read AD User and Group details.

When I try to assign the permission to the AD App, it needs admin consent to read other user/group details. Basically, Azure Graph RBAC reading other details always needs admin consent. I want to accomplish the task with my user impersonation to the AD App without asking for admin consent. Multifactor authentication always blocks me when I try to automate it. Any help!


1 Answer

1
votes

If you're an administrator, you can also consent to an application's delegated permissions on behalf of all the users in your tenant. This will prevent the consent dialog from appearing for every user in the tenant.

You can do this from the Azure portal from your application page. From the Settings blade for your application, click Required Permissions and click on the Grant Permissions button.

For more details about granting permissions to an app in Azure AD, refer to this document.
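
An added example, not part of the answer above: once an administrator has granted delegated permissions for all users, the grant is recorded as an `oauth2PermissionGrants` entry with `consentType` set to `AllPrincipals`, and listing those entries is a quick way to review what has been consented tenant-wide. The sketch assumes the grants were exported from Microsoft Graph (`GET /v1.0/oauth2PermissionGrants`); the sample response, its IDs and the choice of which scopes count as broad are constructed for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph
# GET /v1.0/oauth2PermissionGrants response. All IDs are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "grant-1", "clientId": "sp-maintenance-app",
         "consentType": "AllPrincipals", "principalId": None,
         "resourceId": "sp-graph", "scope": "User.Read Directory.Read.All"},
        {"id": "grant-2", "clientId": "sp-maintenance-app",
         "consentType": "Principal", "principalId": "user-alice",
         "resourceId": "sp-graph", "scope": "User.Read"},
        {"id": "grant-3", "clientId": "sp-other-app",
         "consentType": "AllPrincipals", "principalId": None,
         "resourceId": "sp-graph", "scope": " openid profile "},
    ]
})

# Scopes treated as directory-wide reads here (an assumption of this example).
BROAD_SCOPES = {"Directory.Read.All", "Group.Read.All",
                "GroupMember.Read.All", "User.Read.All"}


def tenant_wide_grants(response_text, broad_scopes=BROAD_SCOPES):
    """Return delegated grants that were consented on behalf of all users."""
    broad_lower = {s.lower() for s in broad_scopes}
    findings = []
    for grant in json.loads(response_text).get("value", []):
        if grant.get("consentType") != "AllPrincipals":
            continue  # "Principal" grants apply to a single user only
        # "scope" is a space-separated string and may carry stray whitespace
        scopes = sorted(set((grant.get("scope") or "").split()))
        findings.append({
            "grant_id": grant.get("id"),
            "client": grant.get("clientId"),
            "scopes": scopes,
            "broad": [s for s in scopes if s.lower() in broad_lower],
        })
    return findings


if __name__ == "__main__":
    for f in tenant_wide_grants(SAMPLE_RESPONSE):
        flag = "REVIEW" if f["broad"] else "ok"
        print(f'{flag:6} {f["client"]:20} {" ".join(f["scopes"])}')
```
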