Skip to main content

Consent Framework - Admin Consent Request - Consent request duration (days)

Specifies the duration the request is active before it automatically expires if no decision is applied

NamerequestDurationInDays
ControlConsent Framework - Admin Consent Request
DescriptionRepresents the policy for enabling or disabling the Azure AD admin consent workflow. The admin consent workflow allows users to request access for apps that they wish to use and that require admin authorization before users can use the apps to access organizational data.
Severity

How to fix

Details of configuration item

Recommendation
Configurationpolicies/adminConsentRequestPolicy
SettingrequestDurationInDays
Recommended Value'30'
Default Value
Graph API DocsadminConsentRequestPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn
Graph ExplorerOpen in Graph Explorer

MITRE ATT&CK

TacticTechniqueMitigation
TA0001 - Initial Access - Initial Access
TA0005 - Defense Evasion - Defense Evasion
TA0006 - Credential Access - Credential Access
TA0008 - Lateral Movement - Lateral Movement
T1078 - Valid Accounts
T1528 - Steal Application Access Token
T1550 - Use Alternate Authentication Material
T1550.001 - Use Alternate Authentication Material: Application Access Token
T1566.002 - Phishing: Spearphishing Link
M1018 - User Account Management
M1017 - User Training