Receiving AADSTS90094: The grant requires admin permission.
Published 2018-05-08 at https://blogs.aaddevsup.xyz/2018/05/receiving-aadsts90094-the-grant-requires-admin-permission/
This post provides guidance for when you receive the error: AADSTS90094: The grant requires admin permission.

Typically this error is received when trying to get access to an AAD application registration. Please note that there are two different Microsoft application portals: https://portal.azure.com (v1 application portal) and https://myapps.microsoft.com (v2 application portal).

For details on the different application models, please see the article "What's different about the v2.0 endpoint?"

These different application models require different processes to resolve the AADSTS90094 error.

V1 Application Resolution

If you are using an AAD Application Registration under the portal.azure.com portal, all that needs to be done is to click the "Grant Permissions" button.

[screenshot]

To apply the permission scopes to the application, use the "Grant Permissions" button. If any of the permission scopes checked in the Enable Access blade show Yes in the "REQUIRES ADMIN" column, a user with administrative permissions on the tenant will need to complete the consent process by clicking the "Grant Permissions" button.

NOTE: All application permissions require a tenant administrator to complete the consent process by clicking the "Grant Permissions" button.

[screenshot]

This is also described in the article: https://docs.microsoft.com/en-us/azure/active-directory/application-dev-registration-config-grant-permissions-how-to

That article also describes a second way to grant permissions.

V1 Application User Consent Disabled

Sometimes the tenant doesn't allow users to consent for an application to access data on their behalf. This switch is shown in the picture below:

[screenshot]

If the admin has disabled the ability of users to consent to third-party multi-tenant applications accessing their user profile data in the directory, an admin must consent to these applications before users may use them.

In this scenario, your app can ask the user for the email address of the admin of their tenant and send the admin-consent link to that admin.

Essentially, to resolve the issue you will have to get a global admin to open the URL below. This is taken from the article: https://docs.microsoft.com/en-us/azure/active-directory/application-dev-registration-config-grant-permissions-how-to

"You can construct a request to login.microsoftonline.com with your app configs and append &prompt=admin_consent. After signing in with admin credentials, the app has been granted consent for all users."

So it would look like the URL below (replace the placeholders with your app configs):

https://login.microsoftonline.com/<tenant-id>/oauth2/authorize?client_id=<client id>&response_type=code&redirect_uri=<Your-Redirect-URI-Https-Encoded>&nonce=1234&resource=<your-resource-Https-encoded>&prompt=admin_consent

Because this consent applies to every user in the tenant, the admin should review the permission scopes the application requests before signing in.

V1 Enterprise Application / V1 Multi-tenant Applications Requiring Admin Consent

To grant admin consent to a multi-tenant application in your tenant, you will not be able to press the "Grant Permissions" button, because the Application Registration lives in the creator's tenant, where the original AAD Application Registration is. If you receive this error when trying to grant admin consent to a multi-tenant AAD Application, you will need to get a global admin to grant admin consent on behalf of all the users in the tenant, following the same steps as in the previous section.

You will have to create this URL:

https://login.microsoftonline.com/<tenant-id>/oauth2/authorize?client_id=<client id>&response_type=code&redirect_uri=<Your-Redirect-URI-Https-Encoded>&nonce=1234&resource=<your-resource-Https-encoded>&prompt=admin_consent

Replace the fields with your tenant ID, client ID, redirect URI, and resource respectively. Please contact the owner of the multi-tenant AAD Application for the resource URI; it can be found in the original AAD Application Registration's properties.

V2 Application Resolution