Ensure 'User consent for applications' is set to 'Do not allow user consent'
Why This Matters
Allowing users to consent to applications accessing company data bypasses critical security guardrails. Malicious applications can trick users into granting permission, potentially leading to data exfiltration or abuse of privileged accounts. Restricting consent to administrators ensures that only vetted, approved applications gain access to your organization's resources.
What Aether365 Checks
Aether365 verifies that "User consent for applications" is set to "Do not allow user consent" in Microsoft Entra ID. This check appears in the Aether365 dashboard under the entra-id checks section.
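One way to evaluate the same setting outside the dashboard, as an added example (not Aether365's own code): in the Microsoft Graph v1.0 authorizationPolicy object, the consent policies assigned to ordinary users are listed in defaultUserRolePermissions.permissionGrantPoliciesAssigned, and user consent is off when no entry starts with ManagePermissionGrantsForSelf. The function name, result shape and sample responses are constructed for illustration.

```python
import json

# Policy IDs with this prefix let end users consent on their own behalf.
# IDs starting with ManagePermissionGrantsForOwnedResource govern group-owner
# consent and are out of scope for this check.
SELF_CONSENT_PREFIX = "managepermissiongrantsforself."


def evaluate_user_consent(policy: dict) -> dict:
    """Evaluate a Graph v1.0 authorizationPolicy object (already parsed JSON).

    Returns {"status": "pass" | "fail" | "unknown", "offending": [...]}.
    """
    perms = policy.get("defaultUserRolePermissions")
    assigned = perms.get("permissionGrantPoliciesAssigned") if isinstance(perms, dict) else None
    if not isinstance(assigned, list):
        # A missing or malformed property (wrong endpoint, insufficient read
        # permission, truncated export) is not evidence of compliance.
        return {"status": "unknown", "offending": []}
    offending = [
        p for p in assigned
        if isinstance(p, str) and p.strip().lower().startswith(SELF_CONSENT_PREFIX)
    ]
    return {"status": "fail" if offending else "pass", "offending": offending}


# Constructed sample responses (not captured from a real tenant).
SAMPLES = {
    "user consent disabled": """{"defaultUserRolePermissions": {
        "permissionGrantPoliciesAssigned": []}}""",
    "only group-owner consent policy": """{"defaultUserRolePermissions": {
        "permissionGrantPoliciesAssigned": [
            "ManagePermissionGrantsForOwnedResource.example-custom-policy"]}}""",
    "low-risk user consent allowed": """{"defaultUserRolePermissions": {
        "permissionGrantPoliciesAssigned": [
            "ManagePermissionGrantsForSelf.microsoft-user-default-low"]}}""",
    "legacy user consent allowed": """{"defaultUserRolePermissions": {
        "permissionGrantPoliciesAssigned": [
            "managePermissionGrantsForSelf.microsoft-user-default-legacy"]}}""",
    "property missing": """{"id": "authorizationPolicy"}""",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = evaluate_user_consent(json.loads(raw))
        print(f"{name}: {result['status']} {result['offending']}")
```

A result of "unknown" should be reported as a failed collection rather than a passing control, since it means the policy could not be read.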
Microsoft references
- Methods for assigning users and groups
- Active directory how applications are added
- Managing user consent for applications using office 365 apis
- Configure user consent
- Security controls v2 privileged access
- Security controls v2 governance strategy