Repeated requests to approve 3rd party app consent
Hello - I am coming across an issue in an environment where Azure Cloud App Admins / Global Admins are receiving repeated email approval requests to approve permissions for 3rd party apps when admin access on behalf of the tenant has been previously approved and granted. Does anyone know why this happens or a way to stop it? The tenant is configured with this: This issue occurs for multiple apps. When the second or third request from an end user comes in for the same app, I have already gone into the Enterprise App in Azure AD and confirmed that the permissions the end user and app is requesting have already been granted by an admin. Example: Thank you!
Missing Entra ID Enterprise Applications for AVD
Hello All, We are starting on our AVD adventure and currently I'm struggling with the preparations for a CA policy. In the documentation, it is shown that several Enterprise Applications should be present: https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa?tabs=avd#configure-sign-in-frequency These 3 are nowhere to be found: Azure Virtual Desktop, Microsoft Remote Desktop, Windows Cloud Login Do you have to create these manually? I found an AVD quickstart guide (https://www.policypak.com/resources/pp-blog/windows-virtual-desktop/) which mentions the following site to create Enterprise Applications: https://rdweb.wvd.microsoft.com/ This is expected? Where can I find these applications? I've deployed my first hostpool and when trying to login with my Entra ID account, then I get the following in the sign-in logs: The app is trying to access a service '{appId}'({appName}) that your organization '{organization}' lacks a service principal for. Contact your IT Admin to review the configuration of your service subscriptions or consent to the application in order to create the required service principal. This is however pointing to yet another Application: Windows Virtual Desktop Client Can anyone shed some light on this for me? Thanks!
Unused Enterprise applications
I inherited an Azure\Entra AD domain with a crazy number of Enterprise applications configured. Some going back 5, 6 or more years. Practically all of them are configured to not require user assignment so I have no idea of who might be using these, if they are being used at all. Is there a way to determine last time any of these where actually used? I want to get rid of anything that doesn't need ot be there.
