Description
- Type: CUSTOMER
- Severity: NOTICE
- Protection against: MALWARE
- CIS: M365 2.7 - (L2) Ensure the admin consent flow is enabled
This Customer Check verifies whether users need to ask an administrator to approve a new application.
Why this check?
Attackers increasingly deploy malicious Azure apps to gain access to data in your tenant. Employees are misled into believing that the app serves a legitimate purpose, after which your data is stolen or unsafe additions are made to your configuration.
To protect employees from abuse, the admin consent flow should be enabled. When an employee wants to add an app, they will see a screen asking them to request permission from an administrator and provide their own justification. Administrators receive the request and then decide whether to allow the app or not.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 2.7 - (L2) Ensure the admin consent flow is enabled
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: The admin consent flow is enabled
- Notice: The admin consent flow is not yet enabled
How should this be followed up?
If the output is Notice, we advise enabling this feature. Proceed as follows:
- Open https://portal.azure.com
- Go to Azure Active Directory
- Select Enterprise Applications from the Azure navigation panel
- Select User Settings
- Set Admin consent requests to YES
- Click on Select admin consent request reviewers and choose which administrators should serve as reviewers
- Select Save at the top of the screen
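To confirm the setting outside the portal, the same policy can be read from Microsoft Graph (GET /policies/adminConsentRequestPolicy). The following is an added example, not Attic's own check logic: a Python function that maps that resource to the Okay/Notice outcome described above and adds warnings of its own. The sample policy is constructed, the IDs are placeholders, and the function names and warnings are assumptions of this example.

```python
import json

# Constructed sample shaped like Microsoft Graph's adminConsentRequestPolicy
# resource; the IDs are placeholders, not values from a real tenant.
SAMPLE_POLICY = json.loads("""
{
  "isEnabled": true,
  "notifyReviewers": true,
  "requestDurationInDays": 30,
  "reviewers": [
    {"query": "/users/00000000-0000-0000-0000-000000000001",
     "queryType": "MicrosoftGraph"},
    {"query": "/groups/00000000-0000-0000-0000-000000000002/transitiveMembers/microsoft.graph.user",
     "queryType": "MicrosoftGraph"}
  ]
}
""")


def reviewer_kind(query):
    """Classify a reviewer scope by the first segment of its Graph query path."""
    parts = [p for p in query.split("?")[0].split("/") if p]
    if parts and parts[0] in ("v1.0", "beta"):  # optional API version prefix
        parts = parts[1:]
    kinds = {"users": "user", "groups": "group", "roleManagement": "role"}
    return kinds.get(parts[0], "unknown") if parts else "unknown"


def evaluate_admin_consent_policy(policy):
    """Map a policy dict to the Okay/Notice outcome plus example-only warnings."""
    enabled = policy.get("isEnabled") is True
    reviewers = [reviewer_kind(r.get("query", ""))
                 for r in policy.get("reviewers") or []]
    warnings = []
    # Extra checks added by this example; the outcome depends on isEnabled only.
    if enabled and not reviewers:
        warnings.append("enabled, but no reviewers are configured")
    if enabled and policy.get("notifyReviewers") is False:
        warnings.append("reviewers are not notified of new requests")
    return {"outcome": "Okay" if enabled else "Notice",
            "reviewers": reviewers,
            "warnings": warnings}


if __name__ == "__main__":
    print(json.dumps(evaluate_admin_consent_policy(SAMPLE_POLICY), indent=2))
```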