Ensure that "Users can register applications" feature is disabled within your Azure Active Directory (AD) settings so that only AD administrators can register third-party applications after these are reviewed and evaluated from the security standpoint.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
To adhere to cloud security best practices, it is strongly recommended to allow only users with administrator roles to register custom-developed applications using Azure Active Directory. This ensures that each application goes through a rigorous security review before exposing Active Directory data to it.
To determine if all Active Directory (AD) users are allowed to register third-party applications, perform the following actions:Note: Getting "Users can register applications" AD setting status using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
By setting "Users can register applications" to "No", the Azure administrators can review the custom-developed applications before these are registered and used within your Active Directory account. To disable the required setting, perform the following actions:Note: Restricting AD users' ability to register applications using Microsoft Graph API or Azure CLI is not currently supported.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Restrict Application Registration for Non-Privileged Users
Risk level: High