EIDSCA.CP01 - Default Settings - Consent Policy Settings - Group owner consent for apps accessing data.
Overviewā
Group and team owners can authorize applications, such as applications published by third-party vendors, to access your organization's data associated with a group. For example, a team owner in Microsoft Teams can allow an app to read all Teams messages in the team, or list the basic profile of a group's members.
CISA SCuBA 2.7: Non-Admin Users SHALL Be Prevented From Providing Consent To Third-Party Applications.
Test scriptā
https://graph.microsoft.com/beta/settings
.values -eq 'False'
Related linksā
- Open in Graph Explorer
- directorySetting resource type - Microsoft Graph beta | Microsoft Learn
- View in Microsoft Entra admin center
MITRE ATT&CKā
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0001 - Initial Access - Initial Access | T1566.002 - Phishing: Spearphishing Link T1078 - Valid Accounts | M1017 - User Training M1018 - User Account Management M1047 - Audit |
Test Metadataā
| Field | Value |
|---|---|
| Test ID | EIDSCA.CP01 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaCP01 |
| Tags | EIDSCA, EIDSCA.CP01 |
Sourceā
- Pester test:
tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1 - PowerShell source:
powershell/internal/eidsca/Test-MtEidscaCP01.ps1