Control: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
Configures auditing against a CIS Benchmark item.
Level: 1
Require administrators to provide consent for the apps before use.
Unless Azure Active Directory is running as an identity provider for third-party applications, do not allow users to use their identity outside of your cloud environment. User profiles contain private information such as phone numbers and email addresses which could then be sold off to other third parties without requiring any further consent from the user.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v2.0 > Maximum Attestation Duration
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' > Attestation
- Azure > CIS v2.0
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
- Azure > CIS v2.0 > 01 - Identity and Access Management
- Azure > CIS v2.0 > 01 - Identity and Access Management > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv2-0#/control/types/r0113
- tmod:@turbot/cis#/control/categories/v070206
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/r0113"
Get Controls
Control Type URI
Category URI
GraphQL
CLI