Illicit Consent Grant

The organization must allow user consent for apps to got low impact permissions. Organizations can not allow user consent, only allow consent for verified publishers, have a custom policy, or allow user consent for all apps. With inside or account knowledge there is no way to know without simply testing.

Application Administrators can consent to higher level permissions. This is the Application Administrator role, but without inside information you will have to target all or likely users. Once complete, you will be able to upload files to the user's OneDrive.