This article describes Microsoft Azure Active Directory (AD) application consent as part of OnePlan security.
The application permission request approval is part of OnePlan technical readiness. See Complete the OnePlan setup actions.
When setting up OnePlan, administrators, and users (depending on your organization), may encounter an application permission request. This request is standard with Microsoft authentication. See Azure AD app consent experiences - Microsoft identity platform | Microsoft Docs for more information on Azure AD application consent.
The app permission is delegated, meaning OnePlan itself does not get access to your Azure AD, nor do we collect any identifying information, including user names and passwords. OnePlan acts on behalf of the user who has logged in with their Microsoft account.
Once approved, an enterprise app registration is added in Azure AD for OnePlan. The screenshot below details all of the permissions granted to OnePlan as an Azure AD enterprise app. See Microsoft Graph permissions reference and Quickstart: Configure an app to access a web API - Microsoft identity platform, for more detail on what these permissions mean.
The application permission is the same whether approved per user or on behalf of the organization by an administrator.