docs: fix admin consent "Access Denied" error and missing Enterprise Application

[Copilot]

The Work IQ CLI app registration recently gained permissions targeting the Work IQ Tools MCP Server resource, whose service principal is not auto-provisioned in customer tenants. This causes the Quick Start admin consent URL to fail with an Access Denied / AADSTS error, and Work IQ never appears in Enterprise Applications.

Changes

• Quick Start — known issue callout: Explains the root cause and provides an alternative consent URL scoped to only Microsoft Graph permissions (whose service principal is universally present):

  https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=ba081686-5d24-4bc6-a0d6-d034ecffed87&scope=Sites.Read.All%20Mail.Read%20People.Read.All%20OnlineMeetingTranscript.Read.All%20Chat.Read%20ChannelMessage.Read.All%20ExternalItem.Read.All
  

• Troubleshooting table: Two new rows covering the Access Denied consent error and the missing Enterprise Application symptom, pointing users to the alternative consent URL as the workaround.

Note: A PowerShell script to provision the Work IQ MCP Server service principal and enable the full consent URL will be added in a future update once all required resource AppIds are confirmed.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[darrelmiller]

@copilot This is not the right resource AppId. Remove the script for the moment we will add it later when we get all the required resourceAppId's together.

[Copilot]

Removed the provisioning script and updated the troubleshooting table and Quick Start callout to remove all references to it. The note now says a script will be provided in a future update. (a49d054)