
EIDSCA.AP08 test fails when no User Consent is configured.

Open michelderooij opened this issue 2 months ago • 3 comments

Scenario: The ManagePermissionGrantsForSelf is not configured (admin-only consent).

Test: https://graph.microsoft.com/beta/policies/authorizationPolicy .permissionGrantPolicyIdsAssignedToDefaultUserRole | Sort-Object -Descending | select-object -first 1 = 'ManagePermissionGrantsForSelf.microsoft-user-default-low'

EIDSCA.AP08 test fails because permissionGrantPolicyIdsAssignedToDefaultUserRole does not contain ManagePermissionGrantsForSelf and returns something else, in my case:

Your tenant is configured as ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team. The recommended value is 'ManagePermissionGrantsForSelf.microsoft-user-default-low' for policies/authorizationPolicy

If admin-only is configured (more strict), the result should be Pass.

michelderooij, Apr 25 '24 09:04
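
An added example, not part of the original issue or Maester's own code: the PowerShell below contrasts the sort-and-take-first comparison quoted in the issue with a check that filters for `ManagePermissionGrantsForSelf.*` entries and treats their absence as admin-only consent, which is the outcome the reporter expects. `Test-UserConsentPolicy` is a hypothetical helper, and the tenant values are constructed samples.

```powershell
# Added illustration. Test-UserConsentPolicy is a hypothetical helper, not a Maester cmdlet.
function Test-UserConsentPolicy {
    param(
        [string[]] $AssignedPolicyIds,
        [string]   $Recommended = 'ManagePermissionGrantsForSelf.microsoft-user-default-low'
    )

    # Comparison as quoted in the issue: the highest-sorting entry must equal the recommended value.
    $first = $AssignedPolicyIds | Sort-Object -Descending | Select-Object -First 1

    # Only ManagePermissionGrantsForSelf.* entries control what users may consent to themselves.
    $self = @($AssignedPolicyIds | Where-Object { $_ -like 'ManagePermissionGrantsForSelf.*' })

    if ($self.Count -eq 0) {
        $result = 'Pass'; $reason = 'no user consent policy assigned (admin-only consent)'
    }
    elseif (@($self | Where-Object { $_ -ne $Recommended }).Count -eq 0) {
        $result = 'Pass'; $reason = 'only the recommended user consent policy is assigned'
    }
    else {
        $result = 'Fail'; $reason = 'a user consent policy other than the recommended one is assigned'
    }

    [pscustomobject]@{
        SortFirstCheck = if ($first -eq $Recommended) { 'Pass' } else { 'Fail' }
        FilteredCheck  = $result
        Reason         = $reason
    }
}

# Constructed sample values for permissionGrantPolicyIdsAssignedToDefaultUserRole.
$team = 'ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team'
$samples = [ordered]@{
    'admin-only (scenario in the issue)' = @($team)
    'recommended'                        = @('ManagePermissionGrantsForSelf.microsoft-user-default-low', $team)
    'legacy user consent'                = @('ManagePermissionGrantsForSelf.microsoft-user-default-legacy', $team)
}

foreach ($name in $samples.Keys) {
    Test-UserConsentPolicy -AssignedPolicyIds $samples[$name] |
        Select-Object @{ n = 'Tenant'; e = { $name } }, SortFirstCheck, FilteredCheck, Reason
}
```

The two checks disagree only on the admin-only sample, where the descending sort surfaces the `ManagePermissionGrantsForOwnedResource` entry because no `ManagePermissionGrantsForSelf` entry is present.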