An admin consent workflow SHALL be configured for applications.

Why This Matters

Without an admin consent workflow, users can grant permissions to applications without oversight, potentially exposing your organization to malicious apps that request excessive access to data. This bypasses security controls and can lead to data leakage or privilege escalation. Configuring a consent workflow ensures that all app permission requests are reviewed by authorized administrators before approval.

What Aether365 Checks

This check verifies that an admin consent workflow is enabled in Microsoft Entra ID for your tenant. It appears in the Aether365 dashboard under the entra-id service checks.