check before: 2026-06-01
Product:
Entra, Exchange, Microsoft 365 Apps, Microsoft Graph
Platform:
Developer, Online, World tenant
Status:
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Starting June 2026, Microsoft will update the default user consent policy for Microsoft Graph to require admin consent for additional Exchange-related permissions. Users cannot grant consent for these unless apps are approved in the Mail client policy. Existing consents and custom policies remain unaffected.
Details:
[Introduction]
As part of the Microsoft Secure Future Initiative (SFI), and in alignment with the Secure by Default principle, we're updating the Microsoft-managed default user consent policy for Microsoft Graph. This change increases administrator control over third-party application access to Exchange data and aligns default consent behavior with industry best practices for protecting email and related content.
[When this will happen]
General Availability (Worldwide): We will begin rolling out in early June 2026 and expect to complete by early July 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-05-09
updated:
2026-05-09
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Increased Admin Control
Admin consent will be required for additional permissions to access Exchange data, limiting user autonomy and potentially delaying access to necessary applications.
- roles: Admins, End Users
- references: https://learn.microsoft.com/entra/identity/enterprise-apps/manage-app-consent-policies?pivots=ms-graph
User Experience Disruption
Users will no longer be able to grant consent for certain permissions, which may lead to frustration and hinder productivity if apps are not pre-approved.
- roles: End Users, Helpdesk Staff
- references: https://learn.microsoft.com/entra/identity/enterprise-apps/configure-user-consent?pivots=portal
Need for Policy Updates
Organizations will need to review and potentially update their app consent policies to ensure continued access to necessary applications, requiring additional administrative effort.
- roles: Admins, App Owners
- references: https://learn.microsoft.com/entra/identity/enterprise-apps/manage-app-consent-policies?pivots=ms-graph
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 month ago ago
