Allow User Consent per Scope
Provide option to allow admins to control which scopes the user can consent to, rather than the blanket disable available currently in "User settings".
Primarily this would be helpful to allow users to consent to apps that only require access to "Sign in and read user profile" (User.Read) for SSO purposes but not scopes that potentially contain sensitive company data.
We have started the work on this capability. I’ll share more information about the ETA as we get closer to a public preview. Current ETA is by end of April.