OAuth2 NHS Mail

Hi all,

Just wondering if anyone has been successful in connecting a .Net application using the Microsoft.Identity.Client to NHS Mail.

I can get so far but am always prevented by an authorisation message that requires admin approval. I'm not sure if we have configured something wrong within the mailbox/NHS process or if we are missing something when implementing.

Any assistance would be greatly appreciated.

Hi Steve,

Sorry to hear you’re experiencing issues connecting your .NET application to NHS Mail using the Microsoft.Identity.Client library.

You will have to reach out to the NHS Mail team to help resolve this.

The “admin approval required” message is a common hurdle when integrating applications with Azure AD, which NHS Mail uses for authentication and authorisation.

The approval is triggered when your application is requesting permissions where user consent settings in Azure AD are restricted: The NHS Mail tenant may have policies that prevent users from consenting to any applications, even those requiring low-privilege permissions.

Before you do that, please check the scopes/permissions you're requesting during authentication, in both your application code and your Azure AD app registration. Ensure you're only requesting the minimal permissions necessary for your application to function.

Some of the common permissions that require admin consent are:

  • Mail.ReadWrite
  • User.Read.All
  • Directory.Read.All

Please review the guidance and then reach out to the NHSmail team via: Custom and Third Party Approved Applications – NHSmail Support

The API Platform team can only address queries relevant to the NHS England API platform, including security, rate limiting, logging, monitoring and alerting. For any API-specific queries, please reach out to the relevant API teams.

Thanks,
NHS England API Platform team
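The following is an added example, not code from the original thread, from NHS England or from the NHSmail team. It shows what the "check your scopes and request the minimum" advice in the reply looks like in a .NET console app using Microsoft.Identity.Client (MSAL.NET): only two delegated Microsoft Graph scopes are requested, a cached token is tried silently before any UI is shown, and a tenant-side consent rejection is surfaced with the error code and correlation ID you would take to the NHSmail team. The client ID, tenant ID and `http://localhost` redirect URI are placeholders that must be replaced with the values from your own app registration; the list of scopes flagged as high-privilege is taken from the reply above, not from any official MSAL or Azure AD rule.

```csharp
// Added example (not from the original thread): minimal-scope sign-in to an
// Azure AD tenant with MSAL.NET, with diagnostics for the "admin approval
// required" case. Requires the Microsoft.Identity.Client NuGet package.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class Program
{
    // Placeholder values: take these from your own Azure AD app registration.
    const string ClientId = "00000000-0000-0000-0000-000000000000";
    const string TenantId = "00000000-0000-0000-0000-000000000000"; // the NHSmail tenant

    // Least privilege: read the signed-in user's own profile and mailbox only.
    // Use the full Graph scope URIs so it is obvious which resource is targeted.
    static readonly string[] Scopes =
    {
        "https://graph.microsoft.com/User.Read",
        "https://graph.microsoft.com/Mail.Read",
    };

    // Permissions the reply above names as typically requiring admin consent.
    // This list is a local guard rail taken from the thread, not an Azure AD rule.
    static readonly string[] AdminConsentScopes =
    {
        "Mail.ReadWrite", "User.Read.All", "Directory.Read.All",
    };

    static async Task<int> Main()
    {
        // Pre-flight check: fail fast if a high-privilege scope has crept in,
        // because that is the most likely cause of the admin approval prompt.
        var risky = Scopes
            .Where(s => AdminConsentScopes.Any(a =>
                s.EndsWith("/" + a, StringComparison.OrdinalIgnoreCase)))
            .ToList();
        if (risky.Count > 0)
        {
            Console.Error.WriteLine("Refusing to run; scopes likely to need admin consent: "
                                    + string.Join(", ", risky));
            return 2;
        }

        // Public client (desktop/console) flow. The redirect URI must be
        // registered on the app as a "Mobile and desktop" platform URI.
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost")
            .Build();

        try
        {
            AuthenticationResult result;
            var account = (await app.GetAccountsAsync()).FirstOrDefault();
            if (account != null)
            {
                try
                {
                    // Silent first: reuse a cached access/refresh token, no UI.
                    result = await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
                }
                catch (MsalUiRequiredException)
                {
                    // Token expired or consent is missing: fall back to the UI.
                    result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
                }
            }
            else
            {
                // Nothing cached yet: sign the user in through the system browser.
                result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
            }

            Console.WriteLine($"Signed in as {result.Account.Username}");
            Console.WriteLine("Granted scopes: " + string.Join(" ", result.Scopes));
            return 0;
        }
        catch (MsalServiceException ex)
        {
            // Azure AD rejected the request. If the message mentions admin approval,
            // the tenant's user-consent policy is blocking the app; record these
            // values and include them when contacting the NHSmail team.
            Console.Error.WriteLine($"Azure AD error {ex.ErrorCode}: {ex.Message}");
            Console.Error.WriteLine($"Correlation ID: {ex.CorrelationId}");
            return 1;
        }
        catch (MsalClientException ex)
        {
            // Local failure (e.g. the user closed the browser window).
            Console.Error.WriteLine($"MSAL client error {ex.ErrorCode}: {ex.Message}");
            return 1;
        }
    }
}
```

If the interactive step still lands on the "Need admin approval" page with only `User.Read` and `Mail.Read` requested, the tenant has disabled user consent outright, as the reply describes, and no change to the code will get past it; the error code and correlation ID printed above are what the tenant administrators need to grant consent on the tenant side.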