1
votes

I have a Microsoft registered application.

I'm using the 'admin consent endpoint' in order to allow admins of organizations to consent to the permissions my app requires.

While I had a single organization using my app services, I had my permissions defined statically in my app page and it was working well.

Now I have multiple organizations and the permissions I need from each organization are different.

Is there a way for me to ask each tenant's admin for different permissions?

I know I can still define all of the permissions I need statically and always ask for all of them from each organization's admin, but I'd really rather not be asking for permissions I don't need, and it can also deter those admins from giving their consent.

From looking in the Microsoft docs I found this:

The admin consent does not accept a scope parameter, so any permissions being requested must be statically defined in the application's registration. In general it is best practice to ensure that the permissions statically defined for a given application are a superset of the permissions that it will be requesting dynamically/incrementally.

So it seems like the answer to my question is 'no', but perhaps I'm missing something? It feels weird to not be able to ask only for the permission I need...

reference page:

microsoft docs admin consent end permissions

1 Answer

2
votes

Admin consented permissions must be defined in the application registration at this time. "Dynamic consent" is not supported for admin scoped permissions at this time.
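
The behaviour discussed in this thread, as an added example that is not part of the question, the answer, or Microsoft's documentation: the admin consent request carries no scope parameter, so every tenant is asked for the full static set, and the sketch reports both the permissions a tenant is over-asked for and any it needs that the registration lacks. The client id, redirect URI, tenant names and permission sets are constructed placeholders, and the helper names are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample values; none of these come from the original post.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example/consent/callback"
REGISTERED = {"User.Read.All", "Group.Read.All", "Mail.Read"}  # static set in the app registration
TENANT_NEEDS = {  # what each customer actually uses (hypothetical)
    "contoso.example": {"User.Read.All"},
    "fabrikam.example": {"User.Read.All", "Mail.Read"},
}

def uncovered_scopes(tenant):
    """Permissions the tenant needs that the static registration does not cover."""
    return TENANT_NEEDS[tenant] - REGISTERED

def excess_scopes(tenant):
    """Permissions the admin is asked to grant although this tenant never uses them."""
    return REGISTERED - TENANT_NEEDS[tenant]

def admin_consent_url(tenant, pending):
    """Build the admin consent URL; there is no scope parameter to narrow the request."""
    state = secrets.token_urlsafe(32)
    pending[state] = tenant  # bind this request to the tenant it was issued for
    query = urlencode({"client_id": CLIENT_ID, "state": state,
                       "redirect_uri": REDIRECT_URI})
    return f"https://login.microsoftonline.com/{tenant}/adminconsent?{query}"

def handle_callback(callback_url, pending):
    """Validate the redirect back from the consent page; raise ValueError if untrusted."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    requested = pending.pop(params.get("state", ""), None)  # state is single use
    if requested is None:
        raise ValueError("unknown or replayed state")
    if "error" in params:
        raise ValueError("consent not granted: " + params["error"])
    if params.get("admin_consent", "").lower() != "true" or "tenant" not in params:
        raise ValueError("malformed consent response")
    return {"requested": requested, "tenant_id": params["tenant"]}
```

Reviewing `excess_scopes` per customer before onboarding shows exactly what each admin will be asked to approve beyond what that tenant uses.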