May 05 2020 01:21 AM
Hi all,
I need some help trying to understand this better so I can set the correct settings.
In Azure AD under User Settings, there is a section about App Registrations with a YES / NO toggle switch to allow users to register applications. mine is currently set to No but is that the best setting?
Under Enterprise Applications > User Settings I have a no to users being able to consent to apps accessing company data on their behalf. Again mine is set to No and I have set up the Admin consent requests (Preview) to notify me an my colleague looking after Azure.
But since setting these 2 no we obviously got support tickets about letting apps integrate into Microsoft Teams or hamon.ie integrate into Sharepoint etc etc.
I am not sure if I am being too harsh setting both to know and is causing more work for myself for very little gain. the reason in the first place i put these to No was because i saw a growing list of apps in the Enterprise Applications screen.
This morning i had a request email coming from Azure to allow access for harmon.ie to access data for one employee. We actually use harmonie on 20-30 machines i am told so i am going to allow it but will it ask me again if a new employee wants to use it or can i approve this globally for our tenant ?
I do not know if there are any concerns over letting users app register and consent other than a growing list of apps of course.
Would really appreciate some advice on this
-- ronnie
May 05 2020 01:42 AM
SolutionMay 05 2020 02:46 AM
@Thijs Lecomte Thank you for confirming :) I am glad I was not completely far off with this :)
May 05 2020 03:49 AM
@RippieUK It all comes down to balancing security vs user-friendliness, as long as your end-users not complaining you're all good ;) We on the other hand need to carefully raise all (almost) configuration up for management approval, which can be quite frustrating sometimes.
May 05 2020 01:42 AM
Solution