Dec 15 2022 06:34 AM
What added value will this add-on provide towards OAUTH access and the features provided by MDCA and the default Azure AD?
Based on: https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-manage-app-governance?view=o365...).
I'm still struggling what the additional benefits of using this add-on are. Especially as we currently already have limited access via Azure AD enterprise application settings to manage user consent.
Based on the basic features of MDCA it looks like I'm able to assess App access and App activity. But it seems still to be "labor intensive". While I can manage it more fine-grained compared to the settings in Azure AD, I can define, allow "everything and review" or "block everything and allow the white list of already reviewed applications". But what automation is possible, is there a way I can create an approval workflow based on the requesting user, so an assigned "role" can assess instead of a generic admin?
Am I able to report the privileges the app is asking/using, as well am I able to limit some access privileges while I'm still allowing the remaining access?
Can this be done already, or do I need the ADD-ON for it?