Azure AD – You can now configure Admin Consent workflow

As you may already know, applications integrated with Azure AD may require administrator consent before they can access your Azure AD data (for example, to read user profiles).

When a user tries to access an application which requires admin consent but has not been approved yet, getting access to the application turns into a long support process.

Good news, the admin consent process has been updated to be more streamlined; you can now configure a workflow to let Azure AD administrators review and approve/decline requests.

First things first, you need to enable the "Users can request admin consent to apps they are unable to consent to" preview capability, available under Enterprise Applications\User Settings, from either your Azure portal (accessing your Azure AD blade) or your Azure AD portal.


When enabling this option, you can select the Azure AD administrator(s) who will receive the notification; unfortunately, for now (maybe a preview limitation), you cannot define a group of users.

The next time a user tries to access an application which has not yet been granted consent by an administrator, they will be able to send a request that provides the access level required by the application; they have to fill in a justification for the request.


The defined administrators will then receive an email notification; they can also check the Enterprise applications\Admin consent requests blade (which is where the Review request button takes them).


From there, they can approve or decline the request.
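The same configuration and review check can be scripted. The following is an added example, not part of the original post: it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Authentication module) and the Microsoft Graph adminConsentRequestPolicy and appConsentRequests endpoints. The reviewer object IDs are placeholders and the 30-day request duration is an arbitrary choice.

```powershell
# Added example: enable the admin consent workflow and list pending requests
# through Microsoft Graph. Sign in with an administrator account that is
# allowed to change the consent request policy.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConsentRequest', 'ConsentRequest.Read.All'

# Placeholder object IDs of the administrators who will review requests.
$reviewerIds = @(
    '00000000-0000-0000-0000-000000000001',
    '00000000-0000-0000-0000-000000000002'
)

# Policy body: workflow enabled, reviewers notified by email.
$policy = @{
    isEnabled             = $true
    notifyReviewers       = $true
    remindersEnabled      = $true
    requestDurationInDays = 30   # assumed value: requests expire after 30 days
    reviewers             = @(
        $reviewerIds | ForEach-Object {
            @{ query = "/users/$_"; queryType = 'MicrosoftGraph' }
        }
    )
}

$policyUri = 'https://graph.microsoft.com/v1.0/policies/adminConsentRequestPolicy'
Invoke-MgGraphRequest -Method PUT -Uri $policyUri `
    -Body ($policy | ConvertTo-Json -Depth 5) -ContentType 'application/json'

# Read the policy back and confirm what is actually in effect.
$current = Invoke-MgGraphRequest -Method GET -Uri $policyUri
if (-not $current.isEnabled) {
    throw 'Admin consent workflow is still disabled.'
}
'Reviewers configured: {0}' -f ($current.reviewers.query -join ', ')

# List the applications that have consent requests waiting, together with
# the permissions being asked for, so they can be reviewed before approval.
$requestsUri = 'https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests'
$pending = Invoke-MgGraphRequest -Method GET -Uri $requestsUri
foreach ($request in $pending.value) {
    '{0} ({1}): {2}' -f $request.appDisplayName, $request.appId,
        ($request.pendingScopes.displayName -join ', ')
}
```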


Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.