Control: Azure > CIS v5.0 > 5 - Identity Services > 5.13 - Ensure that 'User consent for applications' is set to 'Allow user consent for apps from verified publishers, for selected permissions'
Configures auditing against a CIS Benchmark item.
Level: 2
Allow users to provide consent for selected permissions when a request is coming from a verified publisher.
If Microsoft Entra ID is running as an identity provider for third-party applications, permissions and consent should be limited to administrators or pre-approved. Malicious applications may attempt to exfiltrate data or abuse privileged user accounts.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > Maximum Attestation Duration
- Azure > CIS v5.0 > 5 - Identity Services > 5.13 - Ensure that 'User consent for applications' is set to 'Allow user consent for apps from verified publishers, for selected permissions' > Attestation
- Azure > CIS v5.0
- Azure > CIS v5.0 > 5 - Identity Services > 5.13 - Ensure that 'User consent for applications' is set to 'Allow user consent for apps from verified publishers, for selected permissions'
- Azure > CIS v5.0 > 5 - Identity Services
- Azure > CIS v5.0 > 5 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r0513
- tmod:@turbot/cis#/control/categories/v070207
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r0513"
Get Controls
Control Type URI
Category URI
GraphQL
CLI