Ensure that the "Users can register applications" feature is disabled within your Azure Active Directory (AD) settings so that only AD administrators can register third-party applications, after these have been reviewed and evaluated from a security standpoint.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To adhere to cloud security best practices, it is strongly recommended to allow only users with administrator roles to register custom-developed applications using Azure Active Directory. This ensures that each application goes through a rigorous security review before exposing Active Directory data to it.
To determine if all Active Directory (AD) users are allowed to register third-party applications, perform the following actions:
Note: Getting the status of the "Users can register applications" AD setting using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
By setting "Users can register applications" to "No", Azure administrators can review custom-developed applications before these are registered and used within your Active Directory account. To disable the required setting, perform the following actions:
Note: Restricting AD users' ability to register applications using Microsoft Graph API or Azure CLI is not currently supported.
You are auditing:
Restrict Application Registration for Non-Privileged Users
Risk level: High