Version: 2.1.0

EIDSCA.AP08 - Default Authorization Settings - User consent policy assigned for applications.

Overview

Defines if user consent to apps is allowed, and if it is, which app consent policy (permissionGrantPolicy) governs the permissions.

Microsoft recommends to allow to user consent for apps from verified publisher for selected permissions. CISA SCuBA 2.7 defines that all Non-Admin Users SHALL Be Prevented From Providing Consent To Third-Party Applications.

Test script

https://graph.microsoft.com/beta/policies/authorizationPolicy
.permissionGrantPolicyIdsAssignedToDefaultUserRole -clike 'ManagePermissionGrantsForSelf*' -eq 'ManagePermissionGrantsForSelf.microsoft-user-default-low'

Open in Graph Explorer
authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
View in Microsoft Entra admin center

Test Metadata

Field	Value
Test ID	EIDSCA.AP08
Severity	Medium
Suite	Entra ID SCA
Category	General
PowerShell test	Test-MtEidscaAP08
Tags	EIDSCA, EIDSCA.AP08

Source

Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
PowerShell source: powershell/internal/eidsca/Test-MtEidscaAP08.ps1

Overview​

Test script​

Related links​

Test Metadata​

Source​

Overview

Test script

Related links

Test Metadata

Source