Best practices

Users can consent to Apps accessing company data on their behalf


'User settings' is default configurations of consent and permissions for all tenant users. External and internal applications can get user profiles containing private information such as phone numbers and email addresses which could then be sold off to other third parties without requiring any further consent from the user. It was detected that tenant's default user settings are not limited.