3-step handoff: stage the Azure AD app registration, grant admin consent, then verify the workspace connection. v1 is a walk-through only: the OAuth start endpoint returns 501 until the live wire-up lands.
Add the following delegated permissions on API permissions → Microsoft Graph:
Click Grant admin consent for <tenant> so workspace users don't see the per-user prompt on first send.
Once consent is granted, kick off the OAuth dance:
GET https://staging.neom.idcconstruct.com.au/api/v1/integrations/m365/start
v1 status: 501 Not Implemented. The route exists but returns a 501 RFC 7807 problem document until the live exchange lands. The wizard still lets you continue to step 3 to test the verify surface.
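An added example, not part of the wizard or the project's own code: a client-side check that recognises the expected v1 stub (HTTP 501 carrying an RFC 7807 problem document) and keeps it apart from other failures. The function names and the sample body are constructed, and treating a 2xx/3xx response as "live" is an assumption, since the text does not say what the live endpoint will return.

```python
import json

PROBLEM_JSON = "application/problem+json"  # media type defined by RFC 7807


def parse_problem(content_type, body):
    """Return the RFC 7807 problem document as a dict, or None if the
    response does not carry one."""
    # Drop parameters such as "; charset=utf-8"; media types are case-insensitive.
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    if media_type != PROBLEM_JSON:
        return None
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(doc, dict):
        return None
    # RFC 7807: an absent "type" member means "about:blank".
    doc.setdefault("type", "about:blank")
    return doc


def classify_start_response(status, content_type, body):
    """Map the start endpoint's response onto what the caller should do."""
    problem = parse_problem(content_type, body)
    # The "status" member is advisory; if it disagrees with the HTTP status,
    # something rewrote the response, so do not accept it as the known stub.
    if status == 501 and problem is not None and problem.get("status", 501) == 501:
        return "stub"   # expected in v1: continue to step 3
    if 200 <= status < 400:
        return "live"   # assumption: success or redirect means the exchange landed
    return "error"      # anything else needs investigation


# Constructed sample body: field values are illustrative, not captured output.
SAMPLE_BODY = json.dumps({
    "title": "Not Implemented",
    "status": 501,
    "detail": "OAuth start is not wired up yet.",
})

if __name__ == "__main__":
    print(classify_start_response(
        501, "application/problem+json; charset=utf-8", SAMPLE_BODY))
```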