Skip to main content

Consent Framework - Admin Consent Request - Policy to enable or disable admin consent request feature

Defines if admin consent request feature is enabled or disabled


Name	isEnabled
Control	Consent Framework - Admin Consent Request
Description	Represents the policy for enabling or disabling the Azure AD admin consent workflow. The admin consent workflow allows users to request access for apps that they wish to use and that require admin authorization before users can use the apps to access organizational data.
Severity

How to fix

Details of configuration item


Recommendation
Configuration	policies/adminConsentRequestPolicy
Setting	`isEnabled`
Recommended Value	'true'
Default Value	false
Graph API Docs	adminConsentRequestPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn
Graph Explorer	Open in Graph Explorer

MITRE ATT&CK

Tactic	Technique	Mitigation
TA0001 - Initial Access - Initial Access TA0005 - Defense Evasion - Defense Evasion TA0006 - Credential Access - Credential Access TA0008 - Lateral Movement - Lateral Movement	T1078 - Valid Accounts T1528 - Steal Application Access Token T1550 - Use Alternate Authentication Material T1550.001 - Use Alternate Authentication Material: Application Access Token T1566.002 - Phishing: Spearphishing Link	M1018 - User Account Management M1017 - User Training

How to fix
- Details of configuration item
MITRE ATT&CK