Skip to main content

Consent Framework - Admin Consent Request - Consent request duration (days)

Specifies the duration the request is active before it automatically expires if no decision is applied


Name	requestDurationInDays
Control	Consent Framework - Admin Consent Request
Description	Represents the policy for enabling or disabling the Azure AD admin consent workflow. The admin consent workflow allows users to request access for apps that they wish to use and that require admin authorization before users can use the apps to access organizational data.
Severity

How to fix

Details of configuration item


Recommendation
Configuration	policies/adminConsentRequestPolicy
Setting	`requestDurationInDays`
Recommended Value	'30'
Default Value
Graph API Docs	adminConsentRequestPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn
Graph Explorer	Open in Graph Explorer

MITRE ATT&CK

Tactic	Technique	Mitigation
TA0001 - Initial Access - Initial Access TA0005 - Defense Evasion - Defense Evasion TA0006 - Credential Access - Credential Access TA0008 - Lateral Movement - Lateral Movement	T1078 - Valid Accounts T1528 - Steal Application Access Token T1550 - Use Alternate Authentication Material T1550.001 - Use Alternate Authentication Material: Application Access Token T1566.002 - Phishing: Spearphishing Link	M1018 - User Account Management M1017 - User Training

How to fix
- Details of configuration item
MITRE ATT&CK