Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
Why This Matters
Allowing users to consent to application permissions without restrictions exposes your tenant to potential data exfiltration by malicious apps. When consent is limited to verified publishers, you reduce the risk of users granting broad permissions to unverified or malicious applications that could abuse privileged accounts.
What Aether365 Checks
This check verifies that the user consent setting is configured to "Allow user consent for apps from verified publishers, for selected permissions." It appears in the Aether365 dashboard under entra-id checks as ENTRA.1101.
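The setting can be evaluated from the tenant's authorization policy as returned by Microsoft Graph (GET /policies/authorizationPolicy). The following is an added example, not Aether365's own implementation: it classifies the `permissionGrantPoliciesAssigned` list using the built-in policy IDs Microsoft documents for user consent. The function name, the category labels and the sample response are assumptions constructed for illustration.

```python
import json

# Built-in user-consent policy IDs from Microsoft's "Configure user consent" docs.
SELF_PREFIX = "managepermissiongrantsforself."
VERIFIED_LOW = SELF_PREFIX + "microsoft-user-default-low"    # verified publishers, selected permissions
LEGACY_ALL = SELF_PREFIX + "microsoft-user-default-legacy"   # user consent for all apps


def classify_user_consent(policy: dict) -> str:
    """Classify an authorizationPolicy object by its user consent setting.

    Returns one of: "disabled", "verified-publishers", "all-apps", "custom".
    (Labels are hypothetical names chosen for this example.)
    """
    if isinstance(policy.get("value"), list):  # collection-shaped response
        policy = policy["value"][0]
    perms = policy.get("defaultUserRolePermissions") or {}
    assigned = perms.get("permissionGrantPoliciesAssigned") or []
    # Group-owner consent entries (ManagePermissionGrantsForOwnedResource.*)
    # belong to a separate setting and are ignored here.
    self_ids = {p.lower() for p in assigned if p.lower().startswith(SELF_PREFIX)}
    if not self_ids:
        return "disabled"             # no self-consent policy assigned
    if LEGACY_ALL in self_ids:
        return "all-apps"             # most permissive entry wins
    if self_ids == {VERIFIED_LOW}:
        return "verified-publishers"  # the setting named in this check
    return "custom"                   # custom consent policy: review manually


# Constructed sample response, not captured from a real tenant.
SAMPLE = json.loads("""
{
  "id": "authorizationPolicy",
  "defaultUserRolePermissions": {
    "permissionGrantPoliciesAssigned": [
      "ManagePermissionGrantsForSelf.microsoft-user-default-low",
      "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team"
    ]
  }
}
""")

if __name__ == "__main__":
    print(classify_user_consent(SAMPLE))
```

A result of "custom" means a tenant-defined consent policy is assigned, so its conditions need to be reviewed by hand rather than matched against the built-in IDs.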
Microsoft references
- Methods for assigning users and groups
- Active directory how applications are added
- Managing user consent for applications using office 365 apis
- Configure user consent
- Security controls v2 privileged access
- Security controls v2 governance strategy