
Only administrators SHALL be allowed to consent to applications.

Why This Matters

Allowing all users to consent to applications exposes the tenant to illicit consent grant (consent phishing) attacks. A malicious OAuth application with a plausible name and a benign-looking permission prompt can trick a user into granting it access to mail, files, or directory data; that access is then held by the application's own tokens and persists after the phishing page is closed, independent of the user's password or MFA. Restricting consent to administrators ensures that every application permission is vetted by a trusted authority before it is granted.

What Aether365 Checks

This check verifies that the "Users can consent to apps accessing company data on their behalf" setting (Entra admin center: Enterprise applications > Consent and permissions > User consent settings) is set to "Do not allow user consent", so that only administrators can consent to applications. It appears in the Aether365 dashboard under the entra-id (Microsoft Entra ID) checks for CIS compliance. Disabling user consent does not by itself give users a way to request an application they legitimately need; enable the admin consent request workflow alongside it so that requests reach an administrator for review instead of being worked around.
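The same setting is exposed programmatically through the Microsoft Graph authorizationPolicy resource (GET https://graph.microsoft.com/v1.0/policies/authorizationPolicy, Policy.Read.All), where the "Do not allow user consent" option corresponds to an empty defaultUserRolePermissions.permissionGrantPoliciesAssigned list. The following is an added example of evaluating that response, not Aether365's own check code. The sample responses are constructed, and the policy identifiers (ManagePermissionGrantsForSelf.microsoft-user-default-legacy for "allow user consent for all apps", ...-low for "verified publishers, selected permissions") follow Microsoft's documentation for that resource and are an assumption of this example.

```python
"""Evaluate the Entra ID 'users can consent to apps' control from a Microsoft
Graph authorizationPolicy response (GET /policies/authorizationPolicy).

Added example, not Aether365's own code. Sample responses are constructed;
the policy identifiers are the ones Microsoft documents for
defaultUserRolePermissions.permissionGrantPoliciesAssigned (assumption).
"""
import json

# Prefix shared by the built-in grant policies that let a user consent on their
# own behalf. Any assigned policy with this prefix means user consent is open.
SELF_CONSENT_PREFIX = "ManagePermissionGrantsForSelf."

# Meaning of the two built-in self-consent policies (assumption of this example).
KNOWN_SELF_CONSENT = {
    "ManagePermissionGrantsForSelf.microsoft-user-default-legacy":
        "all users may consent to any app for any permission",
    "ManagePermissionGrantsForSelf.microsoft-user-default-low":
        "users may consent to verified-publisher apps for low-impact permissions",
}


def evaluate_user_consent(policy: dict) -> dict:
    """Return {"status": "PASS"|"FAIL"|"ERROR", "findings": [...]}.

    PASS: no self-consent grant policy is assigned to the default user role,
          so only administrators can consent to an application.
    FAIL: at least one ManagePermissionGrantsForSelf.* policy is assigned.
    ERROR: the response does not carry the field at all; a missing field is
           never treated as a pass, because it usually means a failed or
           under-privileged query rather than a hardened tenant.
    """
    role_perms = policy.get("defaultUserRolePermissions")
    if not isinstance(role_perms, dict) or "permissionGrantPoliciesAssigned" not in role_perms:
        return {"status": "ERROR",
                "findings": ["response lacks defaultUserRolePermissions."
                             "permissionGrantPoliciesAssigned; cannot evaluate"]}

    assigned = role_perms["permissionGrantPoliciesAssigned"] or []
    findings = []
    for policy_id in assigned:
        if policy_id.startswith(SELF_CONSENT_PREFIX):
            meaning = KNOWN_SELF_CONSENT.get(policy_id, "custom self-consent policy")
            findings.append(f"user consent enabled via {policy_id}: {meaning}")
        else:
            # e.g. ManagePermissionGrantsForOwnedResource.* (Teams resource-specific
            # consent). Not the control under test, but surfaced for the reviewer.
            findings.append(f"note: other grant policy assigned: {policy_id}")

    user_consent_open = any(p.startswith(SELF_CONSENT_PREFIX) for p in assigned)
    return {"status": "FAIL" if user_consent_open else "PASS", "findings": findings}


def evaluate_json(raw: str) -> dict:
    """Convenience wrapper for the raw JSON body returned by Graph."""
    return evaluate_user_consent(json.loads(raw))


# Constructed sample responses, trimmed to the fields the check reads.
SAMPLE_TENANT_DEFAULT = json.dumps({
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {
        "permissionGrantPoliciesAssigned": [
            "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
        ]
    },
})

SAMPLE_HARDENED = json.dumps({
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": []},
})

if __name__ == "__main__":
    for label, body in (("default", SAMPLE_TENANT_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        result = evaluate_json(body)
        print(f"{label}: {result['status']}")
        for line in result["findings"]:
            print("  -", line)
```

Feed the function the JSON body from the Graph call above. To remediate a FAIL from PowerShell, Microsoft's Graph module clears the list with Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{ PermissionGrantPoliciesAssigned = @() }; re-run the evaluation afterwards and confirm it returns PASS rather than ERROR.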
