Only Admins shall be allowed to register 3rd party applications

Description

Ensure that only administrators can register third-party applications that can access the tenant.

Policy

Only administrators SHALL be allowed to register third-party applications.

Licensing Considerations

This setting can be configured with any Microsoft licensing.

Set Up Instructions

In the Azure Portal, navigate to Azure Active Directory.
Under Manage, select Users.
Select User settings.
Under App Registrations -> Users can register applications, select No.
Click Save.

End-User Impact

Level: Low

The number of times a user should be trying to register a 3rd part application should be low but when they do, they will be blocked. This setting is not generally something that requires any communication before turning on.

Tips

None Currently

PowerShell Scripts

Automating with PowerShell: Setting up application consent (cyberdrain.com)

Monitoring with PowerShell: Monitoring oAuth application changes (cyberdrain.com)

Videos

PreviousAzure AD Logs shall be collected NextNon-admin users shall be prevented from providing consent to 3rd party applications

Last updated 11 months ago