Update modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc

themr0c · web-flow · commit 994703399cad · 2025-06-23T15:38:44.000+02:00
diff --git a/modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc b/modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc
@@ -44,31 +44,22 @@ Enter the backend authentication URI set in {product-short}: `pass:c,a,q[{my-pro
 .. On the *Applications > App registrations > __{my-product-app-name-in-azure}__ > Manage > API permissions* page, click *Add a Permission*, click *Microsoft Graph*, click *Applications permissions*, and select the following permissions:
 
 Application Permissions::
-Enter permissions that enable provisioning user and groups to the {product-short} software catalog.
-
 `User.Read.All`:::
-
 `GroupMember.Read.All`:::
+Enter permissions that enable provisioning user and groups to the {product-short} software catalog.
++
+Optional: *Grant admin consent* for these permissions.
+Even if your company does not require admin consent, consider doing so as it means users do not need to individually consent the first time they access {product-short}.
 
 Delegated Permissions::
-Enter permissions that enable authenticating users.
-
 `email`:::
-
 `offline_access`:::
-
 `openid`:::
-
 `profile`:::
-
-Optional::: Enter optional custom scopes for the Microsoft Graph API that you define both in this section and in the `{my-app-config-file}` {product-short} configuration file.
+Enter permissions that enable authenticating users.
 +
-[NOTE]
-====
-Your company might require you to grant admin consent for these permissions.
-Even if your company does not require admin consent, you might do so as it means users do not need to individually consent the first time they access backstage.
-To grant administrator consent, a directory administrator must go to the link:https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/user-admin-consent-overview[admin consent] page and click *Grant admin consent for COMPANY NAME*.
-====
+Optional: Enter optional custom scopes for the Microsoft Graph API that you define both in this section and in the `{my-app-config-file}` {product-short} configuration file.
+
 
 .. On the *Applications > App registrations > __{my-product-app-name-in-azure}__ > Manage > Certificates & secrets* page, in the *Client secrets* tab, create a *New client secret*.
 
