Ensure that "Users can add gallery apps to their Access Panel" setting is set to "No" within your Azure Active Directory user settings so that the administrators can evaluate and integrate first these applications in order for users to see them on their access panels.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Azure Access Panel is a web-based portal that enables Active Directory (AD) users to view and start cloud-based applications that the AD administrator has granted them access to. When "Users can add gallery apps to their Access Panel" setting is enabled, the Active Directory users are allowed to add any application that supports password Single Sign-On (SSO) to appear on their Access Panel, without an administrator needing to pre-integrate that application, thus bypassing the evaluation and integration process recommended for each gallery app.
To determine if AD users are allowed to add cloud applications to the Access Panel, perform the following actions:Note: Retrieving "Users can add gallery apps to their Access Panel" setting status using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
By setting "Users can add gallery apps to their Access Panel" to "No", the Azure administrators can evaluate and provision the cloud-based applications for the Active Directory users resulting in the applications appearing on the users Access Panel. To disable the required setting, perform the following actions:Note: Restricting AD user's ability to add gallery applications to its own Access Panel using Microsoft Graph API or Azure CLI is not currently supported.
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Restrict Adding Gallery Apps to Access Panel
Risk level: High