Multi-Tenant Teams App requires admin approval in tenant 2 but not tenant 1
I have developed a multi-tenant Microsoft Teams tab app that is registered in Tenant 1 (where it was initially created). Interestingly, the app doesn't require admin approval in Tenant 1, but it does require admin approval when deployed to Tenant 2. I'm trying to figure out why this is happening, as I need to distribute this app across multiple tenants without requiring admin approval each time.
The app was registered using a multi-tenant Azure AD app registration. I have registered a verified domain and updated all references in my code from '/(my domain ID)' to '/common'.
The permission scopes I'm using are:
"User.Read",
"AppCatalog.Read.All",
"User.ReadBasic.All",
"Calendars.ReadWrite",
"OnlineMeetings.ReadWrite",
"People.Read".
In Tenant 2, I have ensured that the setting 'All users can consent for any app to access the organisation's data' is enabled.
Despite these settings, the app still requires admin approval when deployed to Tenant 2. Am I missing something in my configuration? Are there other factors that could cause the app to require admin approval in Tenant 2 but not in Tenant 1? Any suggestions to resolve this issue would be greatly appreciated.
Initially I got the same error:
I created an Azure AD Multi-Tenant Application and added API permissions like below:
The error usually occurs if the Global Administrator have not granted admin consent or if the tenant has some policies applied.
You can sign-in as Global Admin grant tenant-wide admin consent:
https://login.microsoftonline.com/
organizations/adminconsent?client_id=ClientID
Go to Azure Portal -> Enterprise Applications -> Consent and Permissions -> User consent setting
Enable the option to Allow user consent for apps like below:
Make sure Assignment required setting is set as NO
If still the issue persists, try adding verified publisher MPN ID to the Azure AD Multi-Tenant application.
I am able to sign-in to the application using other tenant user successfully:
- Azure Maps rejecting Route Request with ZipCode
- Create-React-App hosted in Azure getting a 404 with manual refresh or by typing the url manually on any page except the home page
- Why I'm getting 404 Resource Not Found to my newly Azure OpenAI deployment?
- Scanning for malware in files uploaded to Azure
- Azure blob, controlling filename on download
- How to delete/clear active/dead-letter messages from Azure Service Bus Queue?
- How to Generate .AAB file and Sign Android app Bundle using azure pipeline
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- Can't create password containing parentheses in Azure CLI
- Azure Web App Cannot Access Azure Container Registry Using Managed Identity
- Azure Access token just created but not capable to verify that is authentic
- Querying azure table storage for null values
- Azure App Functions, Storage queue trigger
- Error while running Terraform Import Command to import Azure Key Vault
- How to get Node.js app running on Azure App Service?
- K6 - Azure Blob Storage Authentication
- how to deprovision iotedge module and reconnect to a different iothub
- How to get the Azure assistant to use the vector store using SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to get client IP address in Azure Functions node.js?
- Get request headers in azure functions NodeJs Http Trigger
- Terraform Azure include NSG with subnet deployment
- What is preventing AKS from pulling images from ACR?
- Make Azure Keyvault secrets available in entire pipeline
- How to read S/MIME mails and their attachements
- Use delegated permissions with Client App Registration
- Unable to connect to Azure Function App after integrating into VNET
- add-kdsrootkey error the request is not supported
- How do you use Active Directory in a "hosted solution"?
- How can I select the proper openai.api_version?