User & Admin Consent Configuration
Understanding the Concept
Consent in Microsoft Entra ID is the process by which a user or admin grants an application permission to access resources. Understanding consent is critical because misconfigured consent settings are a top attack vector through consent phishing (illicit consent grant attacks).
Admin consent workflow allows users to request access to apps that require admin-approved permissions. Instead of blocking users entirely, the workflow routes requests to designated reviewers who can approve or deny on a case-by-case basis.
Application collections (My Apps) organize approved applications into categories for end-user self-service. Users can discover and launch applications from myapps.microsoft.com, reducing helpdesk calls for application access.
Key Points
- User consent: Users grant low-risk permissions to apps themselves
- Admin consent: Admins grant high-risk or org-wide permissions
- Consent workflow: Users request, admins review and approve/deny
- Illicit consent grant: Phishing attack where users unknowingly grant app permissions
- My Apps portal: Self-service app launcher at myapps.microsoft.com
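The user-consent setting and the admin consent workflow described above, shown as a Microsoft Graph PowerShell configuration. This is an added example, not part of the lesson: it assumes the Microsoft.Graph module is installed, that the signed-in account holds a role allowed to change authorization policy, and the reviewer object ID is a placeholder you replace with a real user, group, or role.

```powershell
# Added example (not from the lesson): restrict user consent to low-risk
# permissions from verified publishers and route everything else through the
# admin consent workflow. Requires the Microsoft.Graph module.

# 1. Sign in with the scopes needed to change consent policies.
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization", "Policy.ReadWrite.ConsentRequest"

# 2. Inspect the current user-consent setting.
#    - empty list                                                  -> user consent disabled
#    - ManagePermissionGrantsForSelf.microsoft-user-default-legacy -> users may consent to
#      any app for any permission (the risky setting in older tenants)
#    - ManagePermissionGrantsForSelf.microsoft-user-default-low    -> low-risk permissions
#      from verified publishers only
$authz = Get-MgPolicyAuthorizationPolicy
$authz.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned

# 3. Restrict user consent to low-impact permissions from verified publishers.
#    Anything outside that policy now requires an admin.
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    PermissionGrantPoliciesAssigned = @("ManagePermissionGrantsForSelf.microsoft-user-default-low")
}

# 4. Enable the admin consent workflow so blocked requests go to reviewers
#    instead of failing silently. The reviewer is a user object ID here
#    (placeholder); a group or directory role query can be used instead.
$reviewerObjectId = "00000000-0000-0000-0000-000000000000"   # placeholder, replace
Update-MgPolicyAdminConsentRequestPolicy `
    -IsEnabled `
    -NotifyReviewers `
    -RemindersEnabled `
    -RequestDurationInDays 30 `
    -Reviewers @(@{ Query = "/users/$reviewerObjectId"; QueryType = "MicrosoftGraph" })

# 5. Read both settings back to confirm the change took effect.
(Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
Get-MgPolicyAdminConsentRequestPolicy |
    Select-Object IsEnabled, NotifyReviewers, RemindersEnabled, RequestDurationInDays
```

Step 2 is worth running before step 3: if the tenant already shows the `microsoft-user-default-low` policy, the remaining risk is in grants that were made before the change, which the policy does not revoke retroactively.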
Why This Matters in Real Organizations
Consent phishing is one of the fastest-growing attack types. Attackers trick users into granting malicious apps access to email, files, and data. Proper consent configuration with admin review workflow prevents these attacks while maintaining user productivity.
Common Mistakes to Avoid
Interview Tips
- Explain consent phishing and how to prevent it
- Discuss the balance between user consent and security
- Mention the admin consent workflow as a best practice
Exam Tips (SC-300)
- Know consent configuration options and their security implications
- Understand the admin consent workflow process
- Know how to detect and respond to illicit consent grants
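A way to detect and respond to an illicit consent grant, as an added example that is not part of the lesson. It assumes the Microsoft.Graph module and an account with read access to audit logs and service principals (plus grant and application write access for the response step); the list of scopes treated as high risk is an assumption, chosen because mailbox, file, and refresh-token access are what consent phishing usually asks for.

```powershell
# Added example (not from the lesson): find delegated grants that look like
# consent phishing, correlate them with the audit log, and contain a confirmed one.
Connect-MgGraph -Scopes "Directory.Read.All", "AuditLog.Read.All",
                        "DelegatedPermissionGrant.ReadWrite.All", "Application.ReadWrite.All"

# Scopes treated as high risk (assumption): mail, files, contacts, directory,
# and offline_access (which yields a long-lived refresh token).
$highRiskScopes = @("Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
                    "Files.ReadWrite.All", "Contacts.Read", "Directory.Read.All", "offline_access")

# 1. Enumerate delegated grants. ConsentType "Principal" means a single user
#    consented; "AllPrincipals" means an admin consented tenant-wide.
$suspicious = Get-MgOauth2PermissionGrant -All | Where-Object {
    $_.ConsentType -eq "Principal" -and
    (($_.Scope -split " ") | Where-Object { $highRiskScopes -contains $_ })
} | ForEach-Object {
    $sp = Get-MgServicePrincipal -ServicePrincipalId $_.ClientId
    [pscustomobject]@{
        GrantId     = $_.Id
        SpId        = $sp.Id
        App         = $sp.DisplayName
        Publisher   = $sp.PublisherName
        VerifiedPub = ($null -ne $sp.VerifiedPublisher.VerifiedPublisherId)
        UserId      = $_.PrincipalId
        Scope       = $_.Scope
    }
}

# Unverified publisher + mailbox/file scopes + user (not admin) consent is the
# pattern to review first.
$suspicious | Where-Object { -not $_.VerifiedPub } | Format-Table -AutoSize

# 2. Correlate with the directory audit log: who consented to what, and when.
Get-MgAuditLogDirectoryAudit -Filter "activityDisplayName eq 'Consent to application'" -Top 50 |
    Select-Object ActivityDateTime,
        @{ n = "User"; e = { $_.InitiatedBy.User.UserPrincipalName } },
        @{ n = "App";  e = { $_.TargetResources[0].DisplayName } }

# 3. Respond to a confirmed illicit grant: remove the grant, disable the app's
#    service principal so it cannot simply be re-consented, and revoke the
#    user's refresh tokens so tokens already issued to the app stop working.
function Invoke-IllicitGrantResponse {
    param([Parameter(Mandatory)] $Grant)   # one object from $suspicious
    Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $Grant.GrantId
    Update-MgServicePrincipal -ServicePrincipalId $Grant.SpId -AccountEnabled:$false
    Revoke-MgUserSignInSession -UserId $Grant.UserId | Out-Null
}

# Usage after review, e.g. for the first unverified-publisher hit:
# Invoke-IllicitGrantResponse -Grant ($suspicious | Where-Object { -not $_.VerifiedPub })[0]
```

Revoking the grant alone is not enough: access tokens already issued remain valid until they expire, which is why the response also revokes the user's sessions, and disabling the service principal stops a second phishing email from re-creating the grant minutes later.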