...
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=32f1d4ba-7de3-40c3-bf1c-7ddf725eab8c&redirect_uri=https%3a%2f%2fmy.nebulasynchronizer.com%2fExternal%2fO365OAuthCallback&resource=https%3a%2f%2foutlook.office365.com%2f&state=fd860836-dad7-41b7-819a-f131f887b3fc&prompt=consent
Note on the Azure option "User can consent to apps accessing company data on their behalf"Users can consent the synchronizer app to access data. It is usually not allowed by organizations, only azure admins are allowed to consent to access data, but when creating a profile in the sync we need permissions. So Either the azure admin should create a profile and accept the permissions or allow users to consent
It does not have to be on with bypass if the profile is already created and if admin is only linking users. If admin wants to create a new profile and if he does not have azure admin access then this needs to be enabled. it is one time thing, after profile is created (ensuring bypass is on) then we do need this anymore. azure admin can revoke this setting
to recap: When set to Yes, users can allow the permissions It has to be set to Yes to allow for the creation of the Profile But can be turned to No once the profile is created. And then the Bypass option should be on |