Internal App Registration Permissions for Manufacturing & Industrial

Manufacturing & Industrial organizations face specific regulatory requirements including iso27001, nist-800-53, cis. The APP-03 control helps address these requirements by:

• Internal app registrations with high-privilege Graph permissions are documented and reviewed quarterly
• Permissions like Mail.ReadWrite.All, Directory.ReadWrite.All, and RoleManagement.ReadWrite.Directory are flagged
• Each internal app with elevated permissions has documented business justification

Internal app registrations are applications you created and control. While you own the code, misconfigured permissions can expose excessive access. Regular review ensures your own apps only have necessary permissions.

When implementing APP-03 in a manufacturing & industrial environment, consider:

• **Regulatory requirements**: iso27001, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Manufacturing & Industrial organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement APP-03 in your Microsoft 365 environment:

• Internal app registrations with high-privilege Graph permissions are documented and reviewed quarterly
• Permissions like Mail.ReadWrite.All, Directory.ReadWrite.All, and RoleManagement.ReadWrite.Directory are flagged
• Each internal app with elevated permissions has documented business justification

This control requires manual implementation through the Entra admin center.