Default Authorization Settings - User consent policy assigned for applications
Why This Matters
Allowing non-admin users to consent to third-party applications introduces significant security risks. Malicious applications can request permissions to access sensitive organizational data, mailboxes, and files without administrator oversight. By restricting user consent to verified publishers only, you reduce the attack surface and maintain control over which applications can access your tenant resources.
What Aether365 Checks
This check verifies that the permissionGrantPolicyIdsAssignedToDefaultUserRole setting in the authorization policy is configured to restrict user consent to apps from verified publishers. In the Aether365 dashboard, this appears under entra-id checks with the identifier EIDSCA.AP08.
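The same condition can be evaluated offline against a saved copy of the authorization policy. The Python below is an added example, not Aether365's own code. It assumes Microsoft's built-in consent policy ids and the nested property that Microsoft Graph v1.0 uses for the same setting, none of which appear on this page. The status labels, the example-* policy ids and the sample responses are constructed for illustration.

```python
import json

# Microsoft's built-in consent policy ids; the prefix marks user self-consent.
SELF_PREFIX = "ManagePermissionGrantsForSelf."
VERIFIED_LOW = SELF_PREFIX + "microsoft-user-default-low"
LEGACY = SELF_PREFIX + "microsoft-user-default-legacy"


def assigned_policy_ids(policy):
    """Return the assigned ids from the beta shape, else the v1.0 shape."""
    ids = policy.get("permissionGrantPolicyIdsAssignedToDefaultUserRole")
    if ids is None:
        role = policy.get("defaultUserRolePermissions") or {}
        ids = role.get("permissionGrantPoliciesAssigned")
    return [i.strip() for i in (ids or [])]


def evaluate_user_consent(policy):
    """Classify the user consent setting; status labels are constructed here."""
    # Entries for owned resources (group owner consent) are out of scope.
    self_ids = [i for i in assigned_policy_ids(policy) if i.startswith(SELF_PREFIX)]
    if self_ids == [VERIFIED_LOW]:
        return "pass", "user consent limited to verified publishers"
    if not self_ids:
        return "consent-disabled", "no user consent policy assigned"
    if LEGACY in self_ids:
        return "fail", "users can consent to any application"
    return "review", "non-default policy assigned: " + ", ".join(self_ids)


# Constructed sample responses, not real tenant data.
SAMPLES = {
    "hardened": '{"permissionGrantPolicyIdsAssignedToDefaultUserRole": '
                '["ManagePermissionGrantsForSelf.microsoft-user-default-low", '
                '"ManagePermissionGrantsForOwnedResource.example-owner-policy"]}',
    "legacy": '{"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": '
              '["ManagePermissionGrantsForSelf.microsoft-user-default-legacy"]}}',
    "disabled": '{"permissionGrantPolicyIdsAssignedToDefaultUserRole": []}',
    "custom": '{"permissionGrantPolicyIdsAssignedToDefaultUserRole": '
              '["ManagePermissionGrantsForSelf.example-custom-policy"]}',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate_user_consent(json.loads(raw)))
```

An empty self-consent list means users cannot consent at all, which is stricter than the verified-publisher setting; the example reports it as a separate state because the page does not say how the check scores it.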