I am working on a simple application that shows information about the joined teams of the user. The application uses the interactive flow for authentication.
Getting the list of joined teams with GET /me/joinedTeams was easy since it only requires user consent. However, anything more than that (for example getting the list of team members for a team joined by the user or even something trivial like getting the icon of a team!) needs app permissions that require admin consent.
I have never been on the admin side of an azure tenant, so I would like to understand what admin consent exactly means:
Can the admin limit their consent to my app AND my user account? I.e. can azure be configured such that only me (as the developer) can use my application with the granted permission? Is that what "user assignment" means in the azure documentation?
And related to that (I don't think that deserves a separate posting on SO): Let's assume my app gets the TeamMember.ReadWrite.All permission with admin consent. I hope that still means that the usual user restrictions are in place. For example, a normal user will still not be able to add members to a team they do not own, right?
Thanks in advance for your help