Consent Framework - Admin Consent Request - Consent request duration (days)
Why This Matters
Administrator consent requests that remain open too long expose your organization to unnecessary risk. When consent request durations are excessively long (beyond 30 days), pending requests can become stale, forgotten, or exploited, potentially allowing malicious applications to gain unauthorized access to your tenant data. Keeping consent requests within a defined timeframe ensures timely review and reduces the attack surface.
What Aether365 Checks
Aether365 verifies that the requestDurationInDays setting in the policies/adminConsentRequestPolicy is configured to 30 days or less. This check appears in your Aether365 dashboard under the entra-id section.