# Default Settings - Consent Policy Settings - Block user consent for risky apps

Defines whether a user's consent request is blocked when Microsoft Entra ID detects the request as risky.
| Field | Value |
|---|---|
| Name | BlockUserConsentForRiskyApps |
| Control | Default Settings - Consent Policy Settings |
| Description | Define the consent configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior |
| Severity | High |
## How to fix

### Details of configuration item

| Field | Value |
|---|---|
| Recommendation | Configure risk-based step-up consent - Microsoft Entra ID - Microsoft Learn |
| Configuration | settings |
| Setting | `values` |
| Recommended Value | 'true' |
| Default Value | true |
| Graph API Docs | directorySetting resource type - Microsoft Graph beta - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |
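The following PowerShell is an added example, not part of the original page or the Maester/Microsoft Learn material: it reads the tenant's "Consent Policy Settings" directorySetting from the Microsoft Graph beta endpoint and reports whether `BlockUserConsentForRiskyApps` holds the recommended value. It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account has the `Directory.Read.All` permission; the function name `Test-BlockUserConsentForRiskyApps` is the example's own.

```powershell
# Evaluate the BlockUserConsentForRiskyApps value from a collection of
# directorySetting objects (the "value" array returned by GET /beta/settings).
function Test-BlockUserConsentForRiskyApps {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]] $DirectorySettings
    )

    $consentPolicy = $DirectorySettings |
        Where-Object { $_.displayName -eq 'Consent Policy Settings' }

    if (-not $consentPolicy) {
        # No tenant-specific object exists, so the template default (true) applies.
        return [pscustomobject]@{ Passed = $true; Value = 'true'; Source = 'template default' }
    }

    # The setting lives in the "values" array as a name/value pair.
    $entry = $consentPolicy.values |
        Where-Object { $_.name -eq 'BlockUserConsentForRiskyApps' }
    $value = if ($entry) { [string]$entry.value } else { 'true' }

    return [pscustomobject]@{
        Passed = ($value -eq 'true')   # string -eq is case-insensitive in PowerShell
        Value  = $value
        Source = 'tenant setting'
    }
}

# Read the tenant's directory settings and evaluate the check.
Connect-MgGraph -Scopes 'Directory.Read.All' -NoWelcome
$response = Invoke-MgGraphRequest -Method GET `
    -Uri 'https://graph.microsoft.com/beta/settings' -OutputType PSObject
$result = Test-BlockUserConsentForRiskyApps -DirectorySettings $response.value

if ($result.Passed) {
    Write-Host "PASS: BlockUserConsentForRiskyApps = $($result.Value) ($($result.Source))"
} else {
    Write-Warning "FAIL: BlockUserConsentForRiskyApps = $($result.Value); recommended value is 'true'"
}
```

A FAIL result means a tenant-level Consent Policy Settings object exists with the value set to false, which is the only way the recommended default is overridden.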
## MITRE ATT&CK

| Tactic | Technique | Mitigation |
|---|---|---|
| TA0001 - Initial Access | T1566.002 - Phishing: Spearphishing Link; T1078 - Valid Accounts | M1017 - User Training; M1018 - User Account Management; M1047 - Audit |