Skip to main content

Consent Framework - Admin Consent Request - Reviewers will receive email notifications when admin consent requests are about to expire

Specifies whether reviewers will receive reminder emails

NamenotifyReviewers
ControlConsent Framework - Admin Consent Request
DescriptionRepresents the policy for enabling or disabling the Azure AD admin consent workflow. The admin consent workflow allows users to request access for apps that they wish to use and that require admin authorization before users can use the apps to access organizational data.
Severity

How to fix

Details of configuration item

Recommendation
Configurationpolicies/adminConsentRequestPolicy
SettingnotifyReviewers
Recommended Value'true'
Default Value
Graph API DocsadminConsentRequestPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn
Graph ExplorerOpen in Graph Explorer

MITRE ATT&CK

TacticTechniqueMitigation
TA0001 - Initial Access - Initial Access
TA0005 - Defense Evasion - Defense Evasion
TA0006 - Credential Access - Credential Access
TA0008 - Lateral Movement - Lateral Movement		T1078 - Valid Accounts
T1528 - Steal Application Access Token
T1550 - Use Alternate Authentication Material
T1550.001 - Use Alternate Authentication Material: Application Access Token
T1566.002 - Phishing: Spearphishing Link		M1018 - User Account Management
M1017 - User Training