When I try to login, it says “Need admin approval.” How do I get past it?

If you’re using Outlook and have setup the MS365 integration, you might see the following screen the next time you try to login:

Why users may see “Need admin approval” after EmailAnalytics is set up

After an IT admin connects EmailAnalytics to Microsoft 365, Azure Entra creates an Enterprise Application and applies your organization’s consent and access policies to it.

In many tenants, these policies restrict end users from granting certain Microsoft Graph permissions (especially mailbox access) on their own. When a non-admin user later tries to sign in, Azure Entra evaluates the sign-in request against those policies. If the requested permissions require admin approval or the app is configured to require assignment, the user is blocked and shown the “Need admin approval” message.

This behavior is expected and controlled entirely by tenant security settings. It does not indicate a misconfiguration of Microsoft 365 or EmailAnalytics, and it commonly appears only after IT becomes involved and formal app governance policies are applied.

The steps below explain how to resolve this in a tenant-safe way.

Simplest solution: Try logging again using “reduced access login:”

Using “Reduced access login” allows you to login to EmailAnalytics without consenting to any mail scopes. This should enable you to login without needing admin approval.

Click here to login with reduced access.

Alternative solutions (For IT admins only):

Part 1: Grant admin consent for the app

If you are the IT admin, click this link to grant the required permissions: 

https://login.microsoftonline.com/organizations/adminconsent?client_id=8389df80-c8ba-456b-a834-ea2bc8f788b2&redirect_uri=https://v2.emailanalytics.com

Click “Properties” in the left navigation and ensure that the following settings are set:

• Enabled for users to sign-in? Yes
• Assignment required? No
• Visible to Users? Yes