articles/active-directory/manage-apps/configure-user-consent-groups.md
11 additions & 11 deletions
@@ -23,9 +23,9 @@ In this article, you'll learn how to configure the way group and team owners con
23
23
24
24
Group and team owners can authorize applications, such as applications published by third-party vendors, to access your organization's data associated with a group. For example, a team owner in Microsoft Teams can allow an app to read all Teams messages in the team, or list the basic profile of a group's members. See [Resource-specific consent in Microsoft Teams](/microsoftteams/resource-specific-consent) to learn more.
25
25
26
-
Group owner consent can be managed in two separate ways: through *directory settings*and *app consent policy*. In the directory settings, you can enable all groups owner, enable selected group owner, or disable group owners' ability to give consent to applications. On the other hand, by utilizing the app consent policy, you can specify which app consent policy governs the group owner consent for applications. You then have the flexibility to assign either a Microsoft built-in policy or create your own custom policy to effectively manage the consent process for group owners.
26
+
Group owner consent can be managed in two separate ways: through Microsoft Entra admin center and creation of app consent policies. In the Microsoft Entra admin center, you can enable all groups owner, enable selected group owner, or disable group owners' ability to give consent to applications. On the other hand, app consent policies enable you to specify which app consent policy governs the group owner consent for applications. You then have the flexibility to assign either a Microsoft built-in policy or create your own custom policy to effectively manage the consent process for group owners.
27
27
28
-
Before utilizing the app consent policy to manage your group owner consent, you need to disable the group owner consent setting that is managed by directory settings. Disabling this setting allows for group owner consent subject to app consent policies. You can learn how to disable the group owner consent setting in various ways in this article. Learn more about [managing group owner consent by app consent policies](manage-group-owner-consent-policies.md) tailored to your needs.
28
+
Before creating the app consent policy to manage your group owner consent, you need to disable the group owner consent setting through the Microsoft Entra admin center. Disabling this setting allows for group owner consent subject to app consent policies. You can learn how to disable the group owner consent setting in various ways in this article. Learn more about [managing group owner consent by app consent policies](manage-group-owner-consent-policies.md) tailored to your needs.
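Review bot: The new line 26 replaces "directory settings" with "Microsoft Entra admin center", but the rest of the article still uses the old term: the heading "Manage group owner consent to apps by directory settings" and the PowerShell and Graph Explorer sections ("through directory setting") are unchanged, so the intro no longer names the mechanism those sections configure. Either keep "directory settings" as the name of the mechanism and mention the admin center as one way to reach it, or rename the later sections to match. The same applies to new line 28: "you need to disable the group owner consent setting through the Microsoft Entra admin center" is followed by "You can learn how to disable the group owner consent setting in various ways in this article", which contradicts the admin-center-only wording. While touching line 26, "enable all groups owner, enable selected group owner" could be fixed to "enable all group owners, enable selected group owners".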
@@ -34,7 +34,7 @@ Before utilizing the app consent policy to manage your group owner consent, you
34
34
To configure group and team owner consent, you need:
35
35
36
36
- A user account. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
37
-
- A Global Administrator or Privileged Administrator role.
37
+
- A Global Administrator role.
38
38
39
39
## Manage group owner consent to apps by directory settings
40
40
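Review bot: New line 37 drops "or Privileged Administrator role" and leaves Global Administrator as the only listed prerequisite, with no explanation in the change. If the removed role name was simply wrong, say so in the commit message; if a narrower role can change the group owner consent setting, list it here instead, so readers are not steered to the most privileged role in the tenant for a single consent setting.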
@@ -48,8 +48,8 @@ To configure group and team owner consent settings through the Azure portal:
48
48
49
49
Follow these steps to manage group owner consent to apps accessing group data:
50
50
51
-
1. Sign in to the [Azure portal](https://portal.azure.com) as a [Global Administrator](../roles/permissions-reference.md#global-administrator).
52
-
2. Select **Azure Active Directory** > **Enterprise applications** > **Consent and permissions** > **User consent settings**.
51
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](../roles/permissions-reference.md#global-administrator).
52
+
1. Browse to **Identity** > **Applications** > **Enterprise applications** > **Consent and permissions** > **User consent settings**.
53
53
3. Under **Group owner consent for apps accessing data** select the option you'd like to enable.
54
54
4. Select **Save** to save your settings.
55
55
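Review bot: The two rewritten steps at new lines 51 and 52 are both numbered "1." while the unchanged steps that follow are still "3." and "4.", so the source list now mixes auto-numbering with explicit numbers. It renders in order, but pick one style for the whole list, for example change the remaining steps to "1." as well. The link target on line 51 changes from the Azure portal to the Microsoft Entra admin center, yet the hunk header context still reads "through the Azure portal:", so that intro sentence above the list should be updated in the same change.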
@@ -60,13 +60,11 @@ In this example, all group owners are allowed to consent to apps accessing their
60
60
61
61
:::zone pivot="ms-powershell"
62
62
63
-
To manage group and team owner consent settings through directory setting by Microsoft Graph PowerShell:
64
-
65
-
You can use the [Microsoft Graph PowerShell](/powershell/microsoftgraph/get-started?view=graph-powershell-1.0&preserve-view=true) module to enable or disable group owners' ability to consent to applications accessing your organization's data for the groups they own. The cmdlets used here are included in the [Microsoft.Graph.Identity.SignIns](https://www.powershellgallery.com/packages/Microsoft.Graph.Identity.SignIns) module.
63
+
You can use the [Microsoft Graph PowerShell](/powershell/microsoftgraph/get-started?view=graph-powershell-1.0&preserve-view=true) module to enable or disable group owners' ability to consent to applications accessing your organization's data for the groups they own. The cmdlets in this section are part of the [Microsoft.Graph.Identity.SignIns](https://www.powershellgallery.com/packages/Microsoft.Graph.Identity.SignIns) module.
66
64
67
65
### Connect to Microsoft Graph PowerShell
68
66
69
-
Connect to Microsoft Graph PowerShell using the least-privilege permission needed. For reading the current user consent settings, use *Policy.Read.All*. For reading and changing the user consent settings, use *Policy.ReadWrite.Authorization*.
67
+
Connect to Microsoft Graph PowerShell and sign in as a [global administrator](../roles/permissions-reference.md#global-administrator). For reading the current user consent settings, use `Policy.Read.All` permission. For reading and changing the user consent settings, use `Policy.ReadWrite.Authorization` permission.
70
68
71
69
change the profile to beta by using the `Select-MgProfile` command
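Review bot: New line 67 removes "using the least-privilege permission needed" and instead tells readers to "sign in as a global administrator", including for the read-only case that only requests `Policy.Read.All`. That loses the least-privilege guidance the old line 69 gave. Suggest keeping both ideas: state which role is required to change the setting, and keep the sentence that readers should connect with the narrowest scope for the task (`Policy.Read.All` to read, `Policy.ReadWrite.Authorization` to change). Minor wording: "use `Policy.Read.All` permission" reads better as "use the `Policy.Read.All` permission", and the unchanged context line "change the profile to beta by using the `Select-MgProfile` command" starts in lower case.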
To manage group and team owner consent settings through directory setting by [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) :
159
+
To manage group and team owner consent settings through directory setting using [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer):
160
+
161
+
You need to sign in as a [global administrator](../roles/permissions-reference.md#global-administrator). For reading the current user consent settings, consent to `Policy.Read.All` permission. For reading and changing the user consent settings, consent to `Policy.ReadWrite.Authorization` permission.
162
162
163
163
### Retrieve the current setting through directory settings
164
164
165
-
Retrieve the current value for the **Consent Policy Settings** from directory settings in your tenant. This requires checking if the directory settings for this feature have been created, and if not, using the second MS Graph call to create the corresponding directory settings.
165
+
Retrieve the current value for the **Consent Policy Settings** from directory settings in your tenant. This requires checking if the directory settings for this feature have been created, and if not, using the second Microsoft Graph call to create the corresponding directory settings.
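Review bot: New line 161 requires a global administrator sign-in for Graph Explorer even when the reader only wants to retrieve the current setting with `Policy.Read.All`. Since the next section is "Retrieve the current setting through directory settings", consider separating the read path from the change path so the role requirement is stated only where it is needed. Two wording points in the same hunk: line 159 says "through directory setting" (singular) while the heading at line 163 says "directory settings", and line 165 refers to "the second Microsoft Graph call" before any call has been shown, so "a second Microsoft Graph call" or a reference to the request below would be clearer.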