soteria-security / 365Inspect

A PowerShell script that automates the security assessment of Microsoft 365 environments.
https://soteria.io/solutions/soteria-inspect/
MIT License
577 stars 109 forks

Added Two Inspectors #93

Closed NegativeNine closed 6 months ago

NegativeNine commented 6 months ago

Inspect-OAUTHUserConsent: Checks whether the default user has permissions associated with the ability to consent to OAUTH apps.

Learn Article: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal

It appears that the inspector ThirdPartyIntegratedAppPermission is similar; however, it only checks if the admin workflow is enabled and if users are able to create apps. This is a separate check that addresses the permission that is assigned to users that allows them to consent at all.

Inspect-CAPolicies_legacyauth: This inspector checks if there is a CAP that blocks legacy authentication. This is a separate check from whether SharePoint allows legacy authentication.

Code and findings file are copied and refactored from the other CAPolicy-xxx inspectors.

Learn Article: https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-block-legacy
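
The logic of the two checks described in this pull request, as an added example (not the PR's inspector code and not part of 365Inspect). Function names and sample objects are hypothetical and constructed to mirror the Microsoft Graph authorizationPolicy and conditionalAccessPolicy shapes; requiring the policy to include all users is an assumption of this example.

```powershell
# Added illustration, not code from 365Inspect or this PR. Sample objects are
# constructed; live data would come from Get-MgPolicyAuthorizationPolicy and
# Get-MgIdentityConditionalAccessPolicy (Microsoft Graph PowerShell SDK).

function Get-UserConsentGrantPolicy {
    param([Parameter(Mandatory)] $AuthorizationPolicy)
    # Default users can consent to apps when their role holds a
    # ManagePermissionGrantsForSelf.* permission grant policy.
    $assigned = @($AuthorizationPolicy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned)
    $assigned | Where-Object { $_ -like 'ManagePermissionGrantsForSelf.*' }
}

function Get-LegacyAuthBlockPolicy {
    param([object[]] $Policies)
    foreach ($p in $Policies) {
        $types = @($p.Conditions.ClientAppTypes)
        # Legacy protocols appear as the exchangeActiveSync and other client app types.
        $coversLegacy = ($types -contains 'exchangeActiveSync') -and ($types -contains 'other')
        $blocks = @($p.GrantControls.BuiltInControls) -contains 'block'
        $allUsers = @($p.Conditions.Users.IncludeUsers) -contains 'All'
        # Report-only and disabled policies enforce nothing, so only 'enabled' counts.
        if ($p.State -eq 'enabled' -and $coversLegacy -and $blocks -and $allUsers) { $p }
    }
}

function New-SampleCAPolicy($Name, $State, $Types, $Control) {   # constructed test data
    [pscustomobject]@{
        DisplayName   = $Name
        State         = $State
        Conditions    = [pscustomobject]@{
            ClientAppTypes = $Types
            Users          = [pscustomobject]@{ IncludeUsers = @('All') }
        }
        GrantControls = [pscustomobject]@{ BuiltInControls = @($Control) }
    }
}

$authPolicy = [pscustomobject]@{ DefaultUserRolePermissions = [pscustomobject]@{
    PermissionGrantPoliciesAssigned = @('ManagePermissionGrantsForSelf.microsoft-user-default-legacy') } }
$caPolicies = @(
    (New-SampleCAPolicy 'Block legacy auth (pilot)' 'enabledForReportingButNotEnforced' @('exchangeActiveSync', 'other') 'block'),
    (New-SampleCAPolicy 'Require MFA' 'enabled' @('all') 'mfa')
)

$grants = @(Get-UserConsentGrantPolicy -AuthorizationPolicy $authPolicy)
if ($grants.Count -gt 0) { "FINDING: default users can consent to apps via: $($grants -join ', ')" }
$blocking = @(Get-LegacyAuthBlockPolicy -Policies $caPolicies)
if ($blocking.Count -eq 0) { 'FINDING: no enforced CA policy blocks legacy authentication for all users' }
```

The report-only sample policy is deliberately included: it has the right conditions and a block control but does not enforce anything, so the tenant is still reported as lacking a legacy authentication block.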


ThoughtContagion commented 6 months ago

Thank you for your submission! We will review this shortly.