EIDSCA.AP09 - Default Authorization Settings - Allow user consent on risk-based apps.
Overview
Indicates whether user consent for risky apps is allowed. For example, consent requests for newly registered multi-tenant apps that are not publisher verified and require non-basic permissions are considered risky.
Configure risk-based step-up consent - Microsoft Entra ID - Microsoft Learn
Test script
https://graph.microsoft.com/beta/policies/authorizationPolicy
.allowUserConsentForRiskyApps -eq 'false'
Related links
- Open in Graph Explorer
- authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
- View in Microsoft Entra admin center
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AP09 |
| Severity | Medium |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAP09 |
| Tags | EIDSCA, EIDSCA.AP09 |
Source
- Pester test:
tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1 - PowerShell source:
powershell/internal/eidsca/Test-MtEidscaAP09.ps1