问题
The "Grant admin consent" button in the current Azure AD app registration experience (under Azure portal > Azure AD > App registrations > (app) > API permissions) is sometimes greyed out. In the legacy experience, I could always click the button.
What's the difference between the two?
回答1:
The "Grant permission" button in the legacy app registration experience behaves differently depending on what you're allowed to do:
If you're allowed to do tenant-wide admin consent, the button grants the permissions for all accounts:
If you're not allowed to do tenant-wide admin consent, the button attempts to grant the permissions for your account only:
If you're not allowed to consent even for yourself, it fail to grant any permissions:
In the new (current) app registration experience, the "Grant admin consent" button only proposes tenant-wide admin consent:
If you're allowed to do tenant-wide admin consent, the button is enabled and will result in the permissions being granted for everyone:
If you're not an admin, the button is simply disabled:
The new app registration experience does not currently offer the option for granting consent on behalf of the signed-in user only, like the legacy experience did. If you want to grant consent for yourself, the best way to do so is to actually sign in to the app, and grant consent then.
来源:https://stackoverflow.com/questions/59950232/how-is-the-grant-permissions-button-in-legacy-azure-ad-app-registration-differ