It seems like a major shortcoming in the service. I can see the attempted sign-ins in the portal - is there no way to initiate an app approval workflow from here once the application ID is known? It's possible I am approaching this in completely the wrong way but the agent who picked up my support request couldn't suggest a better approach than doing a screen share with an affected user to authorise the application either. This is quite a clunky process, especially where the end user and the admin are not located in the same office or timezone. Where these apps are not in the gallery, the only way to grant access to the whole tenant is to authorise the app as an admin for the user by logging in for them, and then locating the app in the Azure AD portal and granting admin consent for the organisation. We have disabled the feature where users can consent to third-party applications accessing data on their behalf - we have seen it used as a vector for phishing attacks where malicious documents are created in SharePoint and then the user's own email account is used to send out sharing requests. As a result, people are now asked for admin approval when attempting to use these applications - the behaviour described here.