Shadow IT – a thing of the past with Azure Admin Consent Workflow
“Before Azure, employees choosing to use their own apps for work purposes was termed ‘Shadow IT’ – but those days are over”
As we all know there are a lot of different apps available on the web that our employees want to have in their tool kit.
Before Azure, employees choosing to use their own apps for work purposes was termed ‘Shadow IT’ – but those days are over – app use is now made visible to administrators through the Admin consent workflow in Azure Active Directory.
The admin consent workflow in Azure Active Directory allows you to review and control what apps your employees are accessing with their work identity. It allows you to block access to apps completely or until you have reviewed the requirement and risk which gives you the opportunity to make an informed decision before allowing the use of these apps.
The Microsoft documentation link for configuring the admin consent workflow can be accessed here.
Remember: At the time of writing Admin consent requests is still in preview, it is however an important tool when defending your company, staff and user data from malicious attacks.
When an employee browses to a site and tries to log in with their work identity, they will see a screen like this where they can justify why they need access.
Once their access request is approved, the requester will receive a conformation email
When an employee wants to use their work identity to access a new application using their work identity the admin consent process will generate a notification to your admin team.
Delegated reviewers will get notified that there is Admin consent request waiting for review.
To approve requests, a reviewer must be a Global Administrator, Cloud Application Administrator, or Application Administrator.
It’s important that you have the right people trained and assigned to review these requests to
Ensure you don’t overload any one admin
Have a quick turnaround so that employees are not frustrated
Have good communications with the requestors
Have the skills to understand the risks associated with each app
App Vetting Service is the key to success
If you intend to enable this Admin Consent process you will need to have an App Vetting process in place to complete a risk review for each of the apps being requested.
A good app vetting process should consider a number of different aspects around the functionality, security and supportability of the app including
Does the App Vendor have the capacity to deliver your requirements?
Does the App Vendor have the competency to deliver your requirements?
Is the App Vendor committed to quality?
What is the cash position of the App Vendor?
What is the cost of the product? What about hidden costs?
Does the App Vendor provide efficient and effective communication?
What are the options and hours for support?
Does the App Vendor have a data security policy or collateral available for review?
Does the App Vendor provide security training to their employees?
Is there evidence the App Vendor patches and updates their service regularly?
Mobile Mentor has a team of certified and experience Microsoft engineers who can help you set up Azure Admin Consent workflow for your business. Feel free to contact us.
Since 2005 I have dedicated my professional capabilities to the advancement of wireless mobile data technologies. During my career I have worked with customers in markets large and small, including financial and government organizations in New Zealand, Europe and the United States.