Solving the Office 365 Error: “You can’t access this application”

Meeting Room 365 Production App needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.

Solving the Office 365 Error: “You can’t access this application”

Background

Meeting Room 365 for Office 365 uses Office 365 Single-sign on, an OAuth 2.0 compliant service, to securely access calendar data stored in Office 365 Resource Mailbox calendars.

However, some Office 365 admins (for various reasons) may have disabled the installation of third-party apps which pull data from their Office 365 tenant.

To Provision Meeting Room 365 tablets, however, this must be temporarily allowed, either on a per-tenant or a per-user basis.

If you're seeing this error, the installation of third-party apps is disabled in your Azure AD tenant, and you are not a global admin.

It's totally normal and fine to disable third-party app installation by your users (who are not global admins). But, you'll need to temporarily lift this restriction to install this app as a resource mailbox user (who is not a global admin).

Need admin approval

The most common symptom of this error is an Office 365 branded error page which states:

Need admin approval

Meeting Room 365 Production App

Meeting Room 365 Production App needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.

AADSTS90094: The grand requires admin permission.

An example of the error page

Solution

The solution to this issue is quite simple.

Log into the Azure Portal

https://portal.azure.com/ — You must log in as an admin

Next, click on Azure Active Directory in the left-hand menu.

Next, select Users

Then, select User Settings.

You will see a section labeled App registrations. You must select Yes to allow new permission grants to third-party apps, like Meeting Room 365.

Note: You can re-enable this restriction after completing Meeting Room 365 setup, without any negative effects. This is checked when the prompt occurs, not on token renewal. That means once authorized, third party apps are enabled until revoked (also in Azure AD, under the third-party apps page).


That’s it! Let us know if you have any issues.