Best practices

Users Can Register Applications

Description

'User settings' holds the default consent and permission configuration for all tenant users. It was detected that users can register third-party applications, instead of registration being limited to administrators or appropriately delegated users. This results in over-privileged permissions across the whole tenant, with all the consequences that entails. Certain users, such as developers or other high-request users, may also be delegated permissions so that they do not have to wait on an administrative user.
Recommended Mitigation

It is recommended to allow only administrators or appropriately delegated users to register third-party applications. This ensures that the application undergoes a formal security review and approval process prior to exposing Azure Active Directory data. For more information: https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles
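One way to check this setting from a script, as an added example that is not part of the original page: the code evaluates a Microsoft Graph `GET /policies/authorizationPolicy` response and builds the `PATCH` body that turns the setting off. It assumes the Graph property `defaultUserRolePermissions.allowedToCreateApps` is the counterpart of the portal's "Users can register applications" switch; the function names are hypothetical and the sample responses are constructed.

```python
import json

# Constructed sample responses (not real tenant data).
# The policy may come back as a single object or wrapped in a "value" list.
SAMPLE_PERMISSIVE = json.loads("""
{
  "id": "authorizationPolicy",
  "displayName": "Authorization Policy",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": true,
    "allowedToCreateSecurityGroups": true,
    "allowedToReadOtherUsers": true
  }
}
""")
SAMPLE_RESTRICTED = {"value": [{
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {"allowedToCreateApps": False},
}]}


def audit_app_registration(response):
    """Return (status, detail); status is PASS, FAIL or UNKNOWN."""
    policies = response.get("value", [response])
    if not policies:
        return ("UNKNOWN", "no authorization policy in response")
    undetermined = False
    for policy in policies:
        perms = policy.get("defaultUserRolePermissions") or {}
        flag = perms.get("allowedToCreateApps")
        if flag is True:
            return ("FAIL", "default users can register applications")
        if flag is not False:
            # Missing or non-boolean value: do not report a false PASS.
            undetermined = True
    if undetermined:
        return ("UNKNOWN", "allowedToCreateApps not present in response")
    return ("PASS", "app registration limited to admins and delegated roles")


def remediation_patch():
    """JSON body for PATCH /policies/authorizationPolicy (assumed endpoint)."""
    return {"defaultUserRolePermissions": {"allowedToCreateApps": False}}


if __name__ == "__main__":
    for name, sample in [("permissive", SAMPLE_PERMISSIVE), ("restricted", SAMPLE_RESTRICTED)]:
        print(name, audit_app_registration(sample))
    print(json.dumps(remediation_patch()))
```

After applying the change, developers who still need to register applications can be given a delegated role as described in the linked Microsoft documentation.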