question

0 Votes
KathyKim-1060 asked KathyKim-1060 commented

Best Practice Guidance - App Consent

Best Practice Guidance on App Consent Policies, including:
1. Which base permission levels are considered generally ‘safe’ to allow
2. How to safely implement more restrictive policies in an existing environment (particularly with regard to understanding impact to existing consents granted by users).

azure-ad-app-consent fasttrack-azure-asia

1 Answer

1 Vote
jessesuna-msft answered KathyKim-1060 commented

Hi,

Microsoft recommends choosing the out-of-the-box option where users are only allowed to consent to apps from verified publishers, and only for chosen, lower risk permissions. For additional granularity, admins can also create custom consent policies, which dictate the conditions for allowing users to grant consent, including for specific apps, publishers, or permissions.

The above recommendation comes from this article: "Microsoft delivers comprehensive solution to battle rise in consent phishing emails".

Configure how end-users consent to applications
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal

Grant tenant-wide admin consent to an application
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
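
The following is an added example, not part of the original answer or of Microsoft's documentation. It shows one way to gauge the impact asked about in point 2 of the question: check existing user consents against the conditions named in the answer (verified publisher, lower-risk permissions only). The records are constructed samples shaped like the Microsoft Graph `oauth2PermissionGrant` and `servicePrincipal` resources, and the `LOW_RISK` set is an assumption that each tenant must define for itself.

```python
# Added example: all tenant data below is constructed; field names follow the
# Microsoft Graph oauth2PermissionGrant and servicePrincipal resources.

# Assumption: the delegated permissions this tenant classifies as low risk.
LOW_RISK = {"openid", "profile", "email", "offline_access", "user.read"}

# Constructed sample of client service principals, keyed by object id.
SERVICE_PRINCIPALS = {
    "sp-1": {"displayName": "Contoso Notes", "verifiedPublisher": {"verifiedPublisherId": "1234567"}},
    "sp-2": {"displayName": "Free PDF Tool", "verifiedPublisher": {"verifiedPublisherId": None}},
    "sp-3": {"displayName": "Fabrikam Mail Sync", "verifiedPublisher": {"verifiedPublisherId": "7654321"}},
}

# Constructed sample of delegated permission grants.
GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-a", "scope": "openid profile User.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-b", "scope": "openid User.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-c", "scope": "User.Read Mail.ReadWrite offline_access"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None, "scope": "Mail.Send"},
]


def review_grant(grant, service_principals=SERVICE_PRINCIPALS, low_risk=LOW_RISK):
    """Return the reasons a user consent falls outside the stricter policy."""
    if grant["consentType"] != "Principal":
        return []  # tenant-wide admin consent is not governed by the user consent setting
    app = service_principals.get(grant["clientId"], {})
    reasons = []
    if not (app.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
        reasons.append("publisher not verified")
    extra = sorted(s for s in grant["scope"].split() if s.lower() not in low_risk)
    if extra:
        reasons.append("scopes outside low-risk set: " + ", ".join(extra))
    return reasons


def audit(grants=GRANTS):
    """Map (app display name, user id) -> reasons, for grants needing review."""
    findings = {}
    for g in grants:
        reasons = review_grant(g)
        if reasons:
            name = SERVICE_PRINCIPALS.get(g["clientId"], {}).get("displayName", g["clientId"])
            findings[(name, g["principalId"])] = reasons
    return findings


if __name__ == "__main__":
    for (app, user), reasons in audit().items():
        print(f"{app} / {user}: {'; '.join(reasons)}")
```

Run against a real export, the flagged pairs are the existing user consents to review with app owners before the more restrictive policy is switched on.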

Thank you, Jesse for your help!

0 Votes