![\"Calendy](\"https:\/\/i.imgur.com\/DJCxoWB.png\")
<\/p>\nImagine the following scenario :<\/p>\n
Your customer’s CEO has seen the proverbial light and instead of being the M365 lemming that everybody else is, he’s heard of Calendly; a nice app that allows meeting requests to be made under your M365 tenant in a way more covenient way than the default Microsoft Bookings can do.<\/p>\n
So being the good customer that he is, he just clicks on the “log in with your M365 credentials” button and clicks next-next-next, granting this app access to calendars and whatnot.<\/p>\n
<\/p>\n
… were it not that (luckily) your M365 environment blocks this behaviour by default for non-admin users, so (if you did your homework, as an IT implementor), your customer’s CEO does not have an admin role on his production account.<\/p>\n
The quick-and-dirty solution would be to grant the user temporary rights to install the app, after which you take away his rights.
\nAny update on the app would require you to do the same.<\/p>\n
<\/p>\n
As the Beach Boys already suggested in 1966, it would be nice … to handle this whole situation in a more structured way, because nothing screams chaos<\/strong> more than this sort of procedures.<\/p>\n An ideal situation would be that your customer automatically created a support ticket in your organisation’s helpdesk software, whereas he requests access to this app be granted to him. Well… that’s possible.<\/p>\n The feature is called “Admin consent workflow” and I’ll show you how to quickly configure this, so your support team gets a hassle-free notification.<\/p>\n <\/p>\n First of all, turn on the feature in the following menu :<\/p>\n Entra.MIcrosoft.com<\/a> > (the entra admin center, where you log in as admin) This will allow you to pick users (or specific groups or even roles) to be notified, by mail, that user X<\/strong> wants to install company app Y\u00a0<\/strong>.<\/p>\n Seeing as most helpdesk systems support mail-to-ticket , that already solves your ticketing system automation, by adding that support mailbox to the notifications, allowing you to receive this request in your ticketing system. \u2705<\/p>\n <\/p>\n The next and most logical step is to do something with this notification as a support engineer\/admin.<\/p>\n Easy enough:<\/p>\n Open that very same entra admin<\/a> <\/strong>page and go to … The screenshot above shows you the approval list under “My pending” , where you can either Approve, Deny or Block the request. <\/p>\n In a small environment of 5 users, this procedure is to be handled perfectly easy.
\nAfter you verify if this app is trustworthy.<\/p>\n
\nEnterprise Apps >
\nConsent and Permission >
\nAdmin consent settings.<\/p>\n![\"Screenshot](\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/enterprise-apps\/media\/configure-admin-consent-workflow\/enable-admin-consent-workflow.png\")
![\"Yes,](\"http:\/\/zupertails.be\/wur\/wp-content\/uploads\/2026\/05\/admin-consents-1024x418.png\")
\nEnterprise Apps >
\nActivity >
\nAdmin Consent Requests (or “Aanvragen voor toestemming van de beheerder” as it is so beautifully stated in the Dutch version)<\/p>\n
\nThe following Microsoft article explains in more detail what the 3 actions have as consequence :
\nhttps:\/\/learn.microsoft.com\/en-us\/entra\/identity\/enterprise-apps\/review-admin-consent-requests<\/strong><\/a>
\n…but judging by the names of the three options, I guess you can already tell.<\/p>\nDon’t Hassle the Hoff<\/h2>\n
\nIn a 300+ users environment, this becomes quite a hassle.
\nThere’s somewhat of an inbetween automated solution to making your admin life easier.<\/p>\n
![\"\"](\"http:\/\/zupertails.be\/wur\/wp-content\/uploads\/2026\/05\/user-setting-1024x401.png\")
<\/p>\n![\"\"](\"http:\/\/zupertails.be\/wur\/wp-content\/uploads\/2026\/05\/classifications-1024x582.png\")
<\/p>\n