The new built-in admin consent workflow for Azure AD Enterprise Applications is amazing!
This feature gives you the control you need to protect your company's sensitive information, such as user IDs, files and email accounts.
Did you know that a malicious application is often the start of a sophisticated phishing attack?
If a malicious application gets the right permissions, it could be a bad situation for your company!
Just have a look at this random application and what it can retrieve. Other apps also give a complete list of all your employees back to the app developers.
![](/wp-content/uploads/2020/10/image-1.png)
In this case, the app now has read access to ALL files that this user has access to, meaning there are no secrets anymore.
So, to be able to block and keep control over the applications that are granted access to your Azure AD tenant, you should use the new “Admin Consent Workflow” within Azure AD. This feature is in preview at the moment, but I highly recommend using it.
It takes two minutes to configure, and once it is configured, users see this when trying to connect a third-party application to your tenant:
![Admin consent user request and justification](/wp-content/uploads/2020/10/image.png)
After this request is sent, the admin configured in the workflow gets an approval email and can easily approve consents 🙂
The configuration looks like this:
![](/wp-content/uploads/2020/10/image-2-1024x841.png)
Please have a look at the official documentation and enable it for your deployment!
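
The workflow governs new consent requests; grants that users have already made stay in place. As an added example (not from the original post), this Python script flags existing delegated grants that carry broad scopes like the file and user-list access described above. It assumes the grants were exported as JSON from Microsoft Graph's `oauth2PermissionGrants` collection; the sample records, the placeholder ids and the `BROAD_SCOPES` set are constructed for illustration.

```python
import json

# Delegated Microsoft Graph scopes treated as broad here (an assumption; tune to your policy).
BROAD_SCOPES = {"Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All", "Mail.Read",
                "Mail.ReadWrite", "User.Read.All", "User.ReadBasic.All", "Directory.Read.All"}
_CANON = {s.lower(): s for s in BROAD_SCOPES}

# Constructed sample shaped like oauth2PermissionGrant objects; all ids are placeholders.
SAMPLE = json.loads("""[
 {"clientId": "sp-placeholder-1", "consentType": "Principal",
  "principalId": "user-placeholder-a",
  "scope": " User.Read Files.Read.All User.ReadBasic.All offline_access"},
 {"clientId": "sp-placeholder-2", "consentType": "Principal",
  "principalId": "user-placeholder-b", "scope": "openid profile User.Read"},
 {"clientId": "sp-placeholder-3", "consentType": "AllPrincipals",
  "principalId": null, "scope": "mail.read"}
]""")


def audit_grants(grants):
    """Return grants carrying broad scopes; persistent user-consented ones sort first."""
    findings = []
    for g in grants:
        # The scope field is a space-separated string; match case-insensitively.
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        hits = sorted(_CANON[s] for s in scopes if s in _CANON)
        if not hits:
            continue
        findings.append({
            "clientId": g["clientId"],
            # "Principal" = one user consented; "AllPrincipals" = consent for the whole tenant
            "consent": "user" if g.get("consentType") == "Principal" else "tenant-wide",
            "principalId": g.get("principalId"),
            "broad_scopes": hits,
            # offline_access lets the app obtain refresh tokens and keep its access
            "offline_access": "offline_access" in scopes,
        })
    return sorted(findings, key=lambda f: (f["consent"] != "user",
                                           not f["offline_access"], f["clientId"]))


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE):
        print(finding)
```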