
App registered with the Application.ReadWrite.OwnedBy permission in Azure shows an additional permission on the consent page.

  1. I registered an app in portal.azure.com with the application permission 'Application.ReadWrite.OwnedBy'.
  2. When I try to get consent using https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=myid&redirect_uri=redirecturl&state=state1234&scope=https://graph.microsoft.com/.default

I get an additional permission (sign in and read user profile) displayed on the consent page. I did not set that permission, but it is still displayed on the consent page. How can I avoid this using the admin consent endpoint?


1 Answer


I can reproduce your issue.


I suppose that the sign in and read user profile permission is used to check whether the user account is the admin.

Actually, even if you click the Accept button, the sign in and read user profile permission will not be granted to the service principal (Enterprise Application), so don't worry about that.

Check the service principal (Enterprise Application); there is just Application.ReadWrite.OwnedBy.

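As an added example (not code from the question or the answer), the script below builds the admin consent URL from the question and then performs the check the answer recommends: reading back what the app's service principal was actually granted and confirming that only Application.ReadWrite.OwnedBy is present. The Graph responses are constructed sample JSON; the object IDs and role IDs in them are placeholders, and only Microsoft Graph's appId is a real value.

```python
import json
from urllib.parse import urlencode

def admin_consent_url(client_id, redirect_uri, state, tenant="organizations"):
    """The v2.0 admin consent URL from the question; .default requests only the
    permissions registered on the app, not an arbitrary scope list."""
    query = {"client_id": client_id, "redirect_uri": redirect_uri, "state": state,
             "scope": "https://graph.microsoft.com/.default"}
    return f"https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?{urlencode(query)}"

# Constructed: the Microsoft Graph service principal's appRoles catalogue, as returned by
# GET /servicePrincipals?$filter=appId eq '00000003-0000-0000-c000-000000000000'
# (the appId is Graph's real one; "id" and role ids are placeholder sample values).
GRAPH_SP = json.loads("""{
  "id": "graph-sp-object-id", "appId": "00000003-0000-0000-c000-000000000000",
  "appRoles": [{"id": "role-owned-by", "value": "Application.ReadWrite.OwnedBy"},
               {"id": "role-user-read-all", "value": "User.Read.All"}]
}""")

# Constructed: what the app's own service principal holds after Accept, as returned by
# GET /servicePrincipals/{id}/appRoleAssignments and /servicePrincipals/{id}/oauth2PermissionGrants
APP_ROLE_ASSIGNMENTS = json.loads(
    '{"value": [{"resourceId": "graph-sp-object-id", "appRoleId": "role-owned-by"}]}')
OAUTH2_GRANTS = json.loads('{"value": []}')

def audit_grants(graph_sp, app_role_assignments, oauth2_grants):
    """Translate the IDs Graph returns into permission names, split by type.
    Application permissions live in appRoleAssignments; delegated ones such as
    User.Read ("sign in and read user profile") live in oauth2PermissionGrants."""
    roles = {r["id"]: r["value"] for r in graph_sp["appRoles"]}
    application = sorted(roles.get(a["appRoleId"], "UNKNOWN:" + a["appRoleId"])
                         for a in app_role_assignments["value"]
                         if a["resourceId"] == graph_sp["id"])
    delegated = sorted({scope for g in oauth2_grants["value"]
                        if g["resourceId"] == graph_sp["id"]
                        for scope in g.get("scope", "").split()})
    return {"application": application, "delegated": delegated}

def unexpected_grants(audit, expected_application):
    """Anything beyond the application permissions you registered; for an app-only
    client, any delegated grant that appears is unexpected as well."""
    extra = [p for p in audit["application"] if p not in expected_application]
    return extra + audit["delegated"]

if __name__ == "__main__":
    print(admin_consent_url("myid", "https://example.invalid/callback", "state1234"))
    audit = audit_grants(GRAPH_SP, APP_ROLE_ASSIGNMENTS, OAUTH2_GRANTS)
    print(audit, unexpected_grants(audit, {"Application.ReadWrite.OwnedBy"}))
```

Against live data, replace the constructed JSON with the responses of the three Graph calls named in the comments, run as an identity that can read service principals.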