I am a developer working on an application that will access O365 data via the Graph API. I have registered an application under my own account. I have authentication working on a per-user basis. Now I am trying to get it to work so that a tenant administrator can grant permission to my application for data access on an organization-wide basis. I have this working as well - I used the /adminconsent endpoint to bring the administrator to a page where he granted the consent.
What I am wondering about is the line in the documentation that says "You can rely on an administrator to grant the permissions your app needs at the Azure portal". I am trying to figure out what that procedure is so I can document it for admin users. I thought perhaps it was to add an Enterprise Application (via the Identity category) but at this point, Azure wants the tenant admin to upgrade his Azure service, and I'm pretty sure there must be another way to do this - what am I not seeing?