Admin Consent Troubleshooting in Microsoft Entra

✅ Verify Admin Consent Has Been Granted for the Tenant

When using delegated permissions, tenant-wide admin consent must be granted by a Global Administrator to allow application access on behalf of all users in the organization.

Step 1: Check Admin Consent in Microsoft Entra

1. Sign in to the Microsoft Entra admin center.

2. In the left-hand menu, navigate to Enterprise applications.

3. Locate and select your registered application.

4. Under Security → Permissions, confirm that consent has been granted:

   • Look for the status:
     "Admin consent granted for <Smackdab>"

5. If consent has not been granted, select Grant admin consent for <Smackdab> and follow the prompts to approve permissions.

Note: Only a user with Global Administrator privileges can grant tenant-wide admin consent.

✅ Review Conditional Access Policies That May Affect Consent

Your organization may have Conditional Access policies that block or enforce re-consent, causing users to enter repeated approval loops.

Step 2: Check Conditional Access Configuration

1. In the Microsoft Entra admin center, go to Security → Conditional Access.

2. Review active policies that might:

   • Require additional user interaction for consent

   • Restrict consent based on location, device compliance, or app

3. For troubleshooting purposes, consider temporarily disabling relevant policies to determine if they are contributing to the issue.

⚠️ Coordinate any policy changes with your security team before making modifications, especially in production environments.

✅ Remove and Re-Register the Application (If Necessary)

If admin consent cannot be verified or the application continues to face issues, re-registering the application may resolve the problem.

Step 3: Remove and Re-Approve the Application

1. Go to Enterprise applications in the Microsoft Entra admin center.

2. Search for and select the application.

3. Select Delete to remove the app from your tenant.

4. Re-register the application in Microsoft Entra or Azure portal.

5. Once registered, navigate back to the application and grant admin consent.

This process resets the application's presence in your tenant and may resolve consent-related issues.