EIDSCA.CP03 - Default Settings - Consent Policy Settings - Block user consent for risky apps.
Overview
Defines whether user consent will be blocked when a risky request is detected
Configure risk-based step-up consent - Microsoft Entra ID - Microsoft Learn
Test script
https://graph.microsoft.com/beta/settings
.values -eq 'true'
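One way to evaluate this check by hand, as an added example (not the Maester project's own `Test-MtEidscaCP03` code). It assumes the value is stored under the name `BlockUserConsentForRiskyApps` in the directory setting whose display name is "Consent Policy Settings"; the function name `Test-RiskyAppConsentBlocked` and the sample response are hypothetical.

```powershell
# Added example: evaluates the risky-app consent value in a /beta/settings
# response. Function name and sample data are hypothetical.
function Test-RiskyAppConsentBlocked {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]] $Settings   # the 'value' array returned by /beta/settings
    )

    # Assumption: the value lives in the directory setting created from the
    # "Consent Policy Settings" template.
    $policy = $Settings | Where-Object { $_.displayName -eq 'Consent Policy Settings' }
    if (-not $policy) {
        # No settings object exists for this template, so there is nothing
        # to read. Report that explicitly instead of guessing a value.
        return [pscustomobject]@{ Result = 'NotConfigured'; Value = $null }
    }

    $entry = $policy.values | Where-Object { $_.name -eq 'BlockUserConsentForRiskyApps' }

    # Directory setting values are strings, so compare with 'true', not $true.
    $pass = ($null -ne $entry) -and ($entry.value -eq 'true')
    [pscustomobject]@{
        Result = if ($pass) { 'Pass' } else { 'Fail' }
        Value  = $entry.value
    }
}

# Constructed sample shaped like a /beta/settings response (not tenant data).
$sample = @'
{ "value": [ { "displayName": "Consent Policy Settings",
    "values": [
      { "name": "EnableGroupSpecificConsent",   "value": "false" },
      { "name": "BlockUserConsentForRiskyApps", "value": "false" } ] } ] }
'@ | ConvertFrom-Json

Test-RiskyAppConsentBlocked -Settings $sample.value

# Against a live tenant (needs Microsoft.Graph.Authentication and an existing
# Connect-MgGraph session). PSObject output keeps '.values' a plain property:
# $live = Invoke-MgGraphRequest -Uri 'https://graph.microsoft.com/beta/settings' -OutputType PSObject
# Test-RiskyAppConsentBlocked -Settings $live.value
```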
Related links
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0001 - Initial Access | T1566.002 - Phishing: Spearphishing Link<br>T1078 - Valid Accounts | M1017 - User Training<br>M1018 - User Account Management<br>M1047 - Audit |
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.CP03 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaCP03 |
| Tags | EIDSCA, EIDSCA.CP03 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaCP03.ps1