Microsoft GraphAPI authorization request with scope Calendars.ReadWrite asking for admin approval

0
votes

I am redirecting user to login and authorize my application to read/write to his Office 365 calendar. This works perfectly for normal users, but when someone signs in with their work account they get "Need admin approval" approval.

But according to documentation the Calendars.ReadWrite shouldn't require Admin Consent, as mentioned here;

https://docs.microsoft.com/en-us/graph/permissions-reference#calendars-permissions

Also when scope is Calendars.Read there is no "Need admin approval" and authorization works for organization/work accounts.

So is there any way to avoid admin consent requirement for Calendar.ReadWrite authorization requests.

1
oauth-2.0azure-active-directorymicrosoft-graph-apimicrosoft-graph-calendar

1 Answers

0
votes

If you are told you need admin approval for a permission scope that normally does not require admin consent, it means your organization's admins have disabled your ability to consent to that permission. Tenant administrators can disable your ability to consent to Graph permissions scopes for any apps that they have not approved. In that case, you'll see this error.

You'll need to work with your administrators to get approval, use a personal Microsoft account (Outlook.com), or use a test Microsoft 365 tenant with Exchange Online.