I might be staring the problem in the face with this one. Here is what I'd like to do:
Disable users from being able to consent to 3rd party applications using their O365 credentials. I can do this in both Office365 admin panel or Azure.
As admin, select some applications, like MS Tech Comm, and consent by logging into them.
Receive a notice when users attempt to sign into a 3rd party application with their O365 credentials so I can approve it OR provision the applications one by one
It seems that when I disable Integrated apps org wide that users cannot log into any 3rd party apps regardless of whether or not I have provisioned the app for them and set the various settings through the app like "allow users to sign in" etc. When I attempt to log on with a user account I get the pop-up 'requires admin approval'.
Is the org. wide setting a blanket setting which prohibits any 3rd party application regardless of what other settings are set for each app by an administrator in Azure? Does this make any sense?