APP-08: Restrict User Application Consent
Frequently asked questions about implementing and managing the APP-08 security control in Microsoft 365 and Entra ID.
Q: What is APP-08 (Restrict User Application Consent)?
APP-08 is a security control that blocks users from consenting to applications on their own. OAuth phishing attacks trick users into granting malicious apps access to their data. By blocking user consent, you force all app permission requests through admin review, stopping this attack vector. The control requires that users cannot consent to applications requesting permissions, that the admin consent workflow is the only path for new app permissions, and that pre-approved apps are allowlisted if needed.
Q: Why is Restrict User Application Consent important for Microsoft 365 security?
OAuth phishing attacks trick users into granting malicious apps access to their data. By blocking user consent, you force all app permission requests through admin review, stopping this attack vector.
Q: How do I implement APP-08 in my tenant?
TrueConfig provides one-click remediation for APP-08. The remediation configures user consent to "Do not allow user consent" in Entra ID.
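A read-only way to verify the setting after remediation, as an added example that is not TrueConfig's code: the function below audits the JSON that Microsoft Graph returns from `GET /policies/authorizationPolicy` and `GET /policies/adminConsentRequestPolicy`. The sample policies are constructed, and the name `audit_app08` is hypothetical.

```python
SELF_PREFIX = "managepermissiongrantsforself."  # per-user consent policies

def audit_app08(authz_policy: dict, consent_request_policy: dict) -> list:
    """Return findings; an empty list means both exports satisfy APP-08."""
    findings = []
    perms = authz_policy.get("defaultUserRolePermissions")
    assigned = perms.get("permissionGrantPoliciesAssigned") if isinstance(perms, dict) else None
    if assigned is None:
        # Missing data is reported, never treated as compliant.
        findings.append("permissionGrantPoliciesAssigned missing; cannot verify")
    else:
        # "Do not allow user consent" leaves no ManagePermissionGrantsForSelf.* entry.
        for policy_id in assigned:
            if policy_id.lower().startswith(SELF_PREFIX):
                findings.append(f"user consent still allowed via {policy_id}")
    # With user consent blocked, the admin consent workflow is the request path.
    if not consent_request_policy.get("isEnabled", False):
        findings.append("admin consent workflow is disabled")
    elif not consent_request_policy.get("reviewers"):
        findings.append("admin consent workflow has no reviewers")
    return findings

# Constructed sample exports (not from a real tenant). The
# ManagePermissionGrantsForOwnedResource.* entry covers group/team owner
# consent, a separate setting that this check deliberately ignores.
AUTHZ_BEFORE = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": [
    "ManagePermissionGrantsForSelf.microsoft-user-default-legacy",
    "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team",
]}}
AUTHZ_AFTER = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": [
    "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team",
]}}
WORKFLOW_OFF = {"isEnabled": False, "reviewers": []}
WORKFLOW_ON = {"isEnabled": True, "reviewers": [
    {"query": "/users/00000000-0000-0000-0000-000000000001", "queryType": "MicrosoftGraph"},
]}

if __name__ == "__main__":
    for label, authz, workflow in [("before", AUTHZ_BEFORE, WORKFLOW_OFF),
                                   ("after", AUTHZ_AFTER, WORKFLOW_ON)]:
        print(label, audit_app08(authz, workflow) or "compliant")
```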
Q: What license do I need for APP-08?
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
Q: Which security baseline includes APP-08?
APP-08 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.