I am using the msal acquire_token_interactive() method to login the user. I have User.Read and Presence.Read defined as scopes, both in the API permissions tab and in the acquire_token_interactive call.
However, when trying to login it displays "Consent on behalf of your organization", but the access shall only be for the individual user.
Microsoft Graph
This MS official video finally gave me an explanation: https://www.youtube.com/watch?v=80RdKeeDTss?t=1110 "Consent on behalf of your organization" is only visible when the Admin tries to login with this app, but not "normal" users of an organization.