Enterprise application – Admin consent workflow

The new built-in admin consent workflow within AzureAD Enterprise Application is amazing!

This feature will give you the control that you need to take care of your companies sensitive information like user id`s, files, email accounts etc.

Did you know that malicious applications is often a start of a sophisticated phising attack?

If a malicious application get`s the right permissions it could be a bad situation for your company!

Just have a look at this random application and what that app can retreive, other also gives a complete user list of all the employees back to the app developers.

In this case ALL files that this user has access to does this app now have access to read – meaning that`s there is no secrets anymore.. 

So to be able to block and and have controll over the applications that get`s granted to your AzureAD tenant you should use the new “Admin Consent Workflow” within AzureAD. This feature is in preview at the moment but I highly recomend using it.

It takes two minute to configure and after it`s configured the users see`s this when trying to connect a thirdparty application to your tenant

Admin consent user request and justification

After this request is sent – the admin that is configured within the workflow get`s an approval email and can easlly approve consents 🙂

The configuration looks like this:

Please have a look at the official documentation and enable it for your deployment!

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow#enable-the-admin-consent-workflow