How to Fix Admin consent required

Error message

AADSTS65001 / Need admin approval — admin consent required for this app.

If you're seeing "Admin consent required", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

Ad placeholder · slot error-mid

What this error means

The application is requesting permissions that require an Entra administrator to consent on behalf of the organization before any user can use it.

Why this happens

The app requests application permissions (which always require admin consent), the tenant disables user consent, or the requested delegated permission is in the admin-only category.

Step-by-step fix

Identify the exact app and permissions requested (Entra → Enterprise applications → <app> → Permissions).
If you're an admin, click Grant admin consent for <tenant>.
If you're not an admin, submit an admin consent request via the consent prompt. The admin will approve it in Entra → Enterprise applications → User settings → Admin consent requests.
For PowerShell apps that show this on first connect, an admin can preconsent by running Connect-MgGraph with `-Scopes` and accepting the consent prompt while signed in as an admin.

Affected products

Entra ID

Still broken? Try these

Review user consent settings: Entra → Enterprise applications → Consent and permissions.
Check that the app's required permissions match what's actually called — overly broad scopes are a common reason admins decline.
If the app uses Verified Publisher, confirm publisher verification is intact.

Ad placeholder · slot error-bottom

Related errors

Frequently asked questions

What does "Admin consent required" mean?

The application is requesting permissions that require an Entra administrator to consent on behalf of the organization before any user can use it.

What causes "Admin consent required"?

The app requests application permissions (which always require admin consent), the tenant disables user consent, or the requested delegated permission is in the admin-only category.

How do I fix "Admin consent required"?

1. Identify the exact app and permissions requested (Entra → Enterprise applications → <app> → Permissions). 2. If you're an admin, click Grant admin consent for <tenant>. 3. If you're not an admin, submit an admin consent request via the consent prompt. The admin will approve it in Entra → Enterprise applications → User settings → Admin consent requests. 4. For PowerShell apps that show this on first connect, an admin can preconsent by running Connect-MgGraph with `-Scopes` and accepting the consent prompt while signed in as an admin. Always test changes in a non-production environment first.

Browse more errors in Entra ID: Fix Microsoft Entra ID (Azure AD) errors. AADSTS error codes, admin consent, app role assignment, Conditional Access, and user lookup problems. Or paste your own error into the error decoder tool to find a match. You can also go back to the homepage to browse common errors by topic.