0 Votes
MiguelAlexCantu asked ·

Will Enterprise Applications ever just "show up" upon consent?

We have a couple of Enterprise Applications - "Zoom1" and "Zoom2" we'll call them - that we believe might have been auto generated upon a user's consent when logging in with their corporate email. Is that something that Azure does, or is our imagination getting the best of us?

-Alex

azure-active-directory

3 Votes
joonasw answered ·

Yes, when a user or admin consents to a multi-tenant application, a service principal (enterprise app) is created in your tenant. Permissions granted within your tenant are granted to this service principal.


Thanks, joonasw. Are multi-tenant applications something that has to be manually configured before the service principal is created? It sounds like these service principals are auto-generated without any pre-configuration on our side. Am I hearing that right?

0 Votes 0 ·

They are auto-generated upon consent.

If you wish, you can disable user consent in your tenant so only an admin can consent to new applications/permissions.
That does have its downsides too :)

1 Vote 1 ·
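An added example, not part of the thread: one way to review which enterprise apps from other tenants hold delegated permissions, and whether individual users or an admin consented. It assumes data shaped like Microsoft Graph `servicePrincipal` and `oauth2PermissionGrant` objects; the sample records, ids and the `consent_inventory` helper are constructed for illustration.

```python
# Constructed sample data, shaped like Microsoft Graph servicePrincipal and
# oauth2PermissionGrant objects. All ids are placeholders.
HOME_TENANT = "00000000-0000-0000-0000-000000000001"
VENDOR_TENANT = "00000000-0000-0000-0000-0000000000aa"

SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Zoom1", "appOwnerOrganizationId": VENDOR_TENANT},
    {"id": "sp-2", "displayName": "Zoom2", "appOwnerOrganizationId": VENDOR_TENANT},
    {"id": "sp-3", "displayName": "Internal HR portal", "appOwnerOrganizationId": HOME_TENANT},
]

GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-17",
     "scope": "openid profile User.Read"},
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-42",
     "scope": "User.Read Calendars.Read"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read"},
]


def consent_inventory(service_principals, grants, home_tenant):
    """Summarise delegated grants held by enterprise apps owned by other tenants."""
    report = {}
    for sp in service_principals:
        owner = sp.get("appOwnerOrganizationId")
        if owner is None or owner == home_tenant:
            continue  # skip apps registered in our own tenant
        report[sp["id"]] = {"name": sp["displayName"], "user_consents": set(),
                            "admin_consent": False, "scopes": set()}
    for grant in grants:
        entry = report.get(grant["clientId"])
        if entry is None:
            continue
        entry["scopes"].update(grant["scope"].split())
        if grant["consentType"] == "Principal":      # one user consented for themselves
            entry["user_consents"].add(grant["principalId"])
        elif grant["consentType"] == "AllPrincipals":  # admin consented for the tenant
            entry["admin_consent"] = True
    return report


if __name__ == "__main__":
    for sp_id, entry in consent_inventory(SERVICE_PRINCIPALS, GRANTS, HOME_TENANT).items():
        print(sp_id, entry["name"], "users:", sorted(entry["user_consents"]),
              "admin:", entry["admin_consent"], "scopes:", sorted(entry["scopes"]))
```
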
0 Votes
MiguelAlexCantu answered ·

If anyone is curious, there is some more information about this behavior here:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added


0 Votes
MrAzureAD answered ·

Actually, user consent should be disabled by default and enabled only if you know what you are doing. At least our users would not read nor understand the permission screen and consent to any application. This opens the door to data leakage. The admin consent experience has some issues, but there were some recent improvements that make it more usable.

Just my 2ct,
MrAzureAD
