Forum Discussion
3rd party applications in Azure AD
We have disabled the feature where users can consent to third-party applications accessing data on their behalf - we have seen it used as a vector for phishing attacks where malicious documents are c...
Yup, there's something similar in the works as I hinted above, I cannot share more details until it's publicly announced.
You shouldn't need to grant consent to the entire tenant though, you can just assign the app to a group of users.
For anybody else looking for the same answers - there's a admin consent preview available now
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow
Admin consent workflow is live now. We can block the users consent to apps and enable admin consent workflow to securely approve the app consent requests.
Also, if we have any existing unnecessary applications, we can review those app permissions and remove them completely to eliminate the unwanted security risks.
