Allow User Consent per Scope
Provide option to allow admins to control which scopes the user can consent to, rather than the blanket disable available currently in "User settings".
Primarily this would be helpful to allow users to consent to apps that only require access to "Sign in and read user profile" (User.Read) for SSO purposes but not scopes that potentially contain sensitive company data.
Thanks for your feedback. This feature is currently in our backlog. We expect to make good progress on the incoming months.
The idea is that as an Admin, you can have a list of low risk permissions that the users can consent to.
Please keep voting and subscribing so we can update you when we have a more concrete plan.