Tuesday, August 11, 2020

Setting up iOS 14 mail with Azure AD App Consent

If you locked down your Azure AD so that users can't consent to apps themselves, you may end up with iPhone/iPad users who can't set up mail on their devices with iOS 14. They can't consent, and the app isn't listed in the gallery or anywhere else. The user gets a "Need admin approval" message for Apple Internet Accounts. Instead of turning user consent back on, or trying to get hold of an iOS 14 device yourself, you can still grant the approval.

Head over to your Azure AD tenant and grab your Tenant ID (from the Overview tab). Then replace TenantID in the following URL with your tenant ID:

https://login.microsoftonline.com/TenantID/oauth2/authorize?client_id=f8d98a96-0999-43f5-8af3-69971c7bb423&response_type=code&prompt=admin_consent

Heading to that URL should prompt for consent, and once you approve, your users can get in. Note that I omitted the redirect_uri parameter, which would send you on to the next site, so the page may seem to hang after you approve. Just give it 10 seconds, close it out, and have the user try.
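
Because the page appears to hang, it helps to confirm what the approval actually recorded. The script below is an added example, not part of the original post: it builds the same URL and then lists the delegated permissions granted to the app. It assumes the Microsoft.Graph PowerShell module is installed and that the signed-in admin can use the Directory.Read.All scope; the script and parameter names are illustrative.

```powershell
# Added example (not from the original post).
# Builds the admin-consent URL, then reads back the recorded grant via Microsoft Graph.
param(
    [Parameter(Mandatory)] [guid] $TenantId   # a non-GUID value is rejected here
)

# client_id taken from the URL in the post
$AppId = 'f8d98a96-0999-43f5-8af3-69971c7bb423'

# Same URL as in the post, with the tenant ID substituted for "TenantID".
$consentUrl = "https://login.microsoftonline.com/$TenantId/oauth2/authorize" +
              "?client_id=$AppId&response_type=code&prompt=admin_consent"
Write-Host "Open this URL as an administrator and approve:`n$consentUrl"
Read-Host 'Press Enter once the consent prompt has been approved'

# Read-only scope is enough to inspect service principals and grants.
Connect-MgGraph -TenantId $TenantId.ToString() -Scopes 'Directory.Read.All'

# Consent creates a service principal for the app in the tenant.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) {
    throw "No service principal found for $AppId; the consent was not recorded."
}

# Delegated permission grants where this app is the client.
$grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'")
if ($grants.Count -eq 0) {
    Write-Warning "Service principal exists but has no delegated permission grants."
}

foreach ($g in $grants) {
    $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
    [pscustomobject]@{
        App         = $sp.DisplayName
        ConsentType = $g.ConsentType        # AllPrincipals = tenant-wide admin consent
        Resource    = $resource.DisplayName # API the scopes apply to
        Scopes      = $g.Scope              # space-separated delegated scopes
    }
}
```

A ConsentType of AllPrincipals means the grant applies to every user in the tenant, so the Scopes column is worth reviewing before leaving it in place.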