Understanding the Azure AD application consent experience
Applications that are registered inside Azure AD and are integrated with the Microsoft identity platform can be accessed by end users using various accounts, such as their work or school accounts. Using these accounts, applications can access the data from your organization where they have been granted permission.
Before the application can access the data, an end user or tenant admin must grant the application permissions to do so. Different permissions allow different levels of access, as we covered in the previous chapter. The actual user experience of granting consent will differ, depending on the policies that have been set on the user's Azure AD tenant, the role that the user has inside the tenant, and the permissions that are being requested by the application.
This means that both tenant administrators and application developers have some control over the consent experience of the end user. Administrators...