To get the most out of your officeatwork 365 add-ins it is necessary for the add-ins to be able to connect to the data the user has access to. Most data sources are built in a way that they will require a user to agree (provide consent) for an application or add-in to access the data the user has access to. In some cases, like in Office 365, the data sources will allow an administrator to provide the consent on behalf of each individual user. Once an administrator has granted an application (add-in) the permission to access the user’s data on behalf of a user (preconsent), the user will not have to provide that grant anymore as the permission to do that has already been given by the users’ administrator.
Why would an administrator want to grant access to user data on behalf of all his or her users? If a company for instance, decides that a specific add-in or app shall have access to some specific user data then it would make sense for an administrator of that organization to grant that specific add-in or app access to the user’s data so that not each user within the organization needs to grant access individually. This will increase productivity and most likely also reduce the support calls coming from users not knowing if they were allowed to give permission to any given add-in or app to their data.
You can learn more about the Microsoft Graph specific permission scopes here: https://developer.microsoft.com/en-us/graph/docs/authorization/permission_scopes