SOLVED

Re. App Registrations and Ent Apps user settings

Hi all, 

I need some help trying to understand this better so I can set the correct settings.

In Azure AD under User Settings, there is a section about App Registrations with a YES / NO toggle switch to allow users to register applications. Mine is currently set to No, but is that the best setting?

Under Enterprise Applications > User Settings I have a no to users being able to consent to apps accessing company data on their behalf. Again mine is set to No and I have set up the Admin consent requests (Preview) to notify me and my colleague looking after Azure.

But since setting these 2 to No we obviously got support tickets about letting apps integrate into Microsoft Teams or harmon.ie integrate into SharePoint etc.

I am not sure if I am being too harsh setting both to No and causing more work for myself for very little gain. The reason I put these to No in the first place was because I saw a growing list of apps in the Enterprise Applications screen.

This morning I had a request email coming from Azure to allow access for harmon.ie to access data for one employee. We actually use harmon.ie on 20-30 machines I am told, so I am going to allow it, but will it ask me again if a new employee wants to use it or can I approve this globally for our tenant?

I do not know if there are any concerns over letting users app register and consent other than a growing list of apps of course.

Would really appreciate some advice on this.

-- ronnie

3 Replies
best response confirmed by RippieUK (Brass Contributor)
Solution
Hi Ronnie

I have blogged about that one: https://365bythijs.be/2020/01/05/protecting-against-oauth-attacks-setting-up-admin-consent-workflow/

To summarize:
I agree with your choice to disable user consent to applications, for security reasons. It is safer that way.

If you approve the app for one user, another user can get access to that app without needing approval from you again.
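
An added example, not part of the original post or the linked blog: to check from the tenant's own data whether an app holds consent for all users or only for individual users, this sketch reads an exported Microsoft Graph `oauth2PermissionGrants` response, where `consentType` is `AllPrincipals` for a tenant-wide grant and `Principal` for a single user's grant. The sample export, the `sp-*` and `user-*` ids and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the "value" array that Microsoft Graph
# returns for GET /v1.0/oauth2PermissionGrants. Every id is a placeholder.
SAMPLE_EXPORT = json.dumps({"value": [
    {"clientId": "sp-harmonie", "consentType": "Principal",
     "principalId": "user-alice", "scope": "AllSites.Read AllSites.Write"},
    {"clientId": "sp-harmonie", "consentType": "Principal",
     "principalId": "user-bob", "scope": " AllSites.Read"},
    {"clientId": "sp-teamsapp", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read"},
    {"clientId": "sp-teamsapp", "consentType": "Principal",
     "principalId": "user-carol", "scope": "User.Read Files.Read"},
    {"clientId": "sp-crm", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read openid"},
]})


def consent_report(export_json):
    """Summarise delegated grants per client app (service principal id)."""
    tenant_wide = defaultdict(set)                    # clientId -> scopes
    per_user = defaultdict(lambda: defaultdict(set))  # clientId -> user -> scopes
    for grant in json.loads(export_json).get("value", []):
        scopes = set((grant.get("scope") or "").split())
        client = grant["clientId"]
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide[client] |= scopes             # consent covers every user
        else:
            per_user[client][grant.get("principalId")] |= scopes
    report = []
    for client in sorted(set(tenant_wide) | set(per_user)):
        user_scopes = set().union(*per_user[client].values())
        report.append({
            "client_id": client,
            "tenant_wide_scopes": sorted(tenant_wide[client]),
            "users_with_own_consent": sorted(per_user[client]),
            # Scopes held only by individual users, not approved tenant-wide.
            "per_user_only_scopes": sorted(user_scopes - tenant_wide[client]),
        })
    return report


def apps_without_tenant_wide_consent(report):
    """Apps whose grants cover named users only, not the whole tenant."""
    return [r["client_id"] for r in report if not r["tenant_wide_scopes"]]


if __name__ == "__main__":
    for row in consent_report(SAMPLE_EXPORT):
        print(row)
```

Apps that show up in `apps_without_tenant_wide_consent` are the ones to look at first when trimming the Enterprise Applications list, and `per_user_only_scopes` shows where a user holds more than what was approved tenant-wide.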

@Thijs Lecomte Thank you for confirming :) I am glad I was not completely far off with this :)

@RippieUK It all comes down to balancing security vs user-friendliness; as long as your end-users are not complaining you're all good ;) We on the other hand need to carefully raise (almost) all configuration up for management approval, which can be quite frustrating sometimes.
