I have developed a multi-tenant Microsoft Teams tab app that is registered in Tenant 1 (where it was initially created). Interestingly, the app doesn't require admin approval in Tenant 1, but it does require admin approval when deployed to Tenant 2. I'm trying to figure out why this is happening, as I need to distribute this app across multiple tenants without requiring admin approval each time.

The app was registered using a multi-tenant Azure AD app registration. I have registered a verified domain and updated all references in my code from '/(my domain ID)' to '/common'.

The permission scopes I'm using are:

"User.Read",
"AppCatalog.Read.All",
"User.ReadBasic.All",
"Calendars.ReadWrite",
"OnlineMeetings.ReadWrite",
"People.Read".

In Tenant 2, I have ensured that the setting 'All users can consent for any app to access the organisation's data' is enabled.

Despite these settings, the app still requires admin approval when deployed to Tenant 2. Am I missing something in my configuration? Are there other factors that could cause the app to require admin approval in Tenant 2 but not in Tenant 1? Any suggestions to resolve this issue would be greatly appreciated.

  • Tracking the question from here: https://learn.microsoft.com/en-us/answers/questions/1342935/multi-tenant-teams-app-requires-admin-approval-in – Sayali-MSFT Aug 11 '23 at 06:39

1 Answer

Initially I got the same error:

I created an Azure AD Multi-Tenant Application and added API permissions like below:

The error usually occurs if the Global Administrator has not granted admin consent or if the tenant has some policies applied.

You can sign in as Global Admin and grant tenant-wide admin consent:

https://login.microsoftonline.com/organizations/adminconsent?client_id=ClientID

Go to Azure Portal -> Enterprise Applications -> Consent and Permissions -> User consent setting

Enable the option to Allow user consent for apps like below:

Make sure the Assignment required setting is set to NO

If the issue still persists, try adding a verified publisher MPN ID to the Azure AD Multi-Tenant application.

I am able to sign in to the application using another tenant's user successfully:

Imran
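
An added example, not part of the original question or answer: a small offline check that takes the tenant settings the answer walks through (user consent setting, assignment required, verified publisher) as Microsoft Graph-shaped JSON and lists which of them would send a user to the admin approval prompt. The tenant IDs, the sample objects and the set of scopes classified as low impact are constructed for illustration; the property names are those of Graph's `authorizationPolicy` and `servicePrincipal` resources.

```python
# Constructed sample data shaped like Microsoft Graph objects; not real tenant output.
PREFIX = "ManagePermissionGrantsForSelf."
REQUESTED = {"User.Read", "AppCatalog.Read.All", "User.ReadBasic.All",
             "Calendars.ReadWrite", "OnlineMeetings.ReadWrite", "People.Read"}

def user_consent_mode(auth_policy):
    """Map /policies/authorizationPolicy to the portal's user consent options."""
    assigned = auth_policy.get("defaultUserRolePermissions", {}).get(
        "permissionGrantPoliciesAssigned", [])
    ids = {p[len(PREFIX):] for p in assigned if p.startswith(PREFIX)}
    if not ids:
        return "disabled"                 # "Do not allow user consent"
    if "microsoft-user-default-legacy" in ids:
        return "all-apps"                 # "Allow user consent for apps"
    if "microsoft-user-default-low" in ids:
        return "verified-low-impact"      # verified publishers, selected permissions
    return "custom"

def admin_approval_reasons(tenant_id, auth_policy, sp, low_impact, requested=REQUESTED):
    """List tenant-side settings that would require an admin to approve the app."""
    reasons = []
    mode = user_consent_mode(auth_policy)
    if mode == "disabled":
        reasons.append("user consent is disabled")
    elif mode == "verified-low-impact":
        home = sp.get("appOwnerOrganizationId") == tenant_id
        verified = bool((sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"))
        if not (home or verified):
            reasons.append("publisher is not verified and app is not registered in this tenant")
        unclassified = sorted(set(requested) - set(low_impact))
        if unclassified:
            reasons.append("scopes not classified low impact: " + ", ".join(unclassified))
    elif mode == "custom":
        reasons.append("custom consent policy assigned; review its conditions")
    if sp.get("appRoleAssignmentRequired"):
        reasons.append("assignment required is enabled on the enterprise application")
    return reasons

POLICY_LOW = {"defaultUserRolePermissions": {
    "permissionGrantPoliciesAssigned": [PREFIX + "microsoft-user-default-low"]}}
POLICY_ALL = {"defaultUserRolePermissions": {
    "permissionGrantPoliciesAssigned": [PREFIX + "microsoft-user-default-legacy"]}}
SP = {"appOwnerOrganizationId": "tenant-1", "appRoleAssignmentRequired": False,
      "verifiedPublisher": {"verifiedPublisherId": None}}

if __name__ == "__main__":
    for tenant in ("tenant-1", "tenant-2"):   # hypothetical tenant IDs
        print(tenant, admin_approval_reasons(tenant, POLICY_LOW, SP, REQUESTED))
```

With the verified-publisher consent setting, the same unverified app passes in the tenant that owns the registration and is blocked in any other tenant, which is one way an app can behave differently in two tenants.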