Groups are ideal, but in my opinion, we should check for the intent of the rule: an approval process is used instead of allowing users to approve apps on their own. If a consent workflow exists, this should be a pass. It would be nice to have additional verification that the user configured to grant consent is an admin account. I do like the idea of including a recommendation to use groups instead of users.
My question is about test CISA.MS.AAD.5.3: An admin consent workflow SHALL be configured for applications. This is qualified as high severity. Using a group for this is currently in preview, and even though we configured this on individuals, it still failed the test. Is that what we want to test? Or should it say pass and advise that a group should be used for manageability?