From ba653ba8ee602d9a7bd778630c7ceeb82354c215 Mon Sep 17 00:00:00 2001
From: tomatsue <tomatsue@microsoft.com>
Date: Thu, 25 Dec 2025 05:03:11 +0900
Subject: [PATCH] Update AdminConsentRequired explanation in permissions doc

Clarified the behavior of AdminConsentRequired and its relation to user consent settings and app consent policies.
---
 concepts/permissions-reference.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md
index 9d30f9fbdb6..ef11191407a 100644
--- a/concepts/permissions-reference.md
+++ b/concepts/permissions-reference.md
@@ -23,6 +23,9 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 [!INCLUDE [auth-use-least-privileged](../includes/auth-use-least-privileged.md)]
 
+> [!Note]
+> **AdminConsentRequired** indicates whether a permission can be granted by a non-admin user. However, actual end-user consent behavior also depends on your tenant’s **user consent settings** and **app consent policies**. Even when **AdminConsentRequired = No**, your organization may still require admin consent based on these policies. For details, see [Manage app consent policies](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-app-consent-policies), which describes **Microsoft recommended current settings** where user consent is restricted for certain delegated permissions.
+
 <!-- Autogenerated content starts here. Do not manually update. Manual updates are overwritten in weekly updates. If you see an error in this article, file a documentation issue instead. See https://github.com/microsoftgraph/microsoft-graph-docs-contrib/blob/main/CONTRIBUTING.md#ways-to-contribute -->
 
 ## All permissions