![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 50%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,682 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 74%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Hello,
Welcome to Microsoft Q&A,
If the application is not pre-approved by the organization or if it’s running in a personal (non-enterprise) tenant, admin consent is mandatory if the scope has high-previlage access.
-
files.readwrite.allScope: This permission grants access to all files in the user's OneDrive, which is a high-privilege scope requiring admin approval.
Grant Admin Consent (If you have admin access)
- Log into Azure Portal: Azure Portal.
- Navigate to Microsoft Entra ID --> Enterprise Applications --> Your Application.
- Click Permissions under Security in the left-hand menu.
- Click Grant admin consent for <tenant name>.
- Confirm the action.
If you don't have admin access, construct and send the below URL for the admin to provide consent to the application.
https://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=<client-id>
Please Upvote and accept the answer if it helps!