Choose Option A for an approval-based rollout (users request access, admins approve) or Option B for a seamless rollout (admin approves once, everyone can connect).

Option A (Recommended)

This option forces users into the “Request approval” flow when admin consent is required: users submit a reason, admins get an email, and users get notified once approved.

  • Enable the Admin consent workflow
    • Path: Enterprise applications → Consent and permissions → Admin consent settings
    • Do this: Set Users can request admin consent = Yes, add Reviewers (admin user/group), enable Email notifications for reviewers and requestors.
  • Configure User consent so users can’t self-consent
    • Path: Enterprise applications → Consent and permissions → User consent settings
    • Do this: Choose Let Microsoft manage your consent settings
  • Permission classifications (allows end users to grant an app delegated permission to read and write their calendars without requiring admin approval)
    • Path: Enterprise applications → Consent and permissions → Permission classifications
    • Do this: Add Calendars.ReadWrite to LOW

Option B

This option removes the approval prompt: an admin grants tenant-wide consent once, and then all users can connect without requesting access

  • Grant tenant-wide admin consent for Meetical
    • Path: Enterprise applications → Meetical for Confluence → Permissions
    • Do this: Click Grant admin consent (tenant-wide) for the requested Microsoft Graph permissions.
  • Make sure the app does not require per-user assignment
    • Path: Enterprise applications → Meetical for Confluence → Properties
    • Do this: Set User assignment required? = No (otherwise only assigned users can use the app).
  • (Optional) Keep the Admin consent workflow enabled
    • Path: Enterprise applications → Consent and permissions → Admin consent settings
    • Do this: You can leave it enabled; it won’t trigger for Meetical once the required permissions are already consented.

Note: These settings apply tenant-wide in Microsoft Entra, not just to Meetical—please align with your security owner/team before enabling them.