“Before Azure, employees choosing to use their own apps for work purposes was termed ‘Shadow IT’ – but those days are over”

 

As we all know there are a lot of different apps available on the web that our employees want to have in their tool kit.

Before Azure, employees choosing to use their own apps for work purposes was termed ‘Shadow IT’ – but those days are over – app use is now made visible to administrators through the Admin consent workflow in Azure Active Directory.

The admin consent workflow in Azure Active Directory allows you to review and control what apps your employees are accessing with their work identity. It allows you to block access to apps completely or until you have reviewed the requirement and risk which gives you the opportunity to make an informed decision before allowing the use of these apps.

The Microsoft documentation link for configuring the admin consent workflow can be accessed here.

Remember: At the time of writing Admin consent requests is still in preview, it is however an important tool when defending your company, staff and user data from malicious attacks.  

If you’re already familiar with Azure Admin Consent and want to see some helpful tips on successful implementation, check out our article, 5 tips for successfully implementing Azure Admin Consent.


 

How it works

Employee access request

When an employee browses to a site and tries to log in with their work identity, they will see a screen like this where they can justify why they need access.

Approval Received

Once their access request is approved, the requester will receive a conformation email

Admin3.png

 

 

Admin Consent

When an employee wants to use their work identity to access a new application using their work identity the admin consent process will generate a notification to your admin team.

Delegated reviewers will get notified that there is Admin consent request waiting for review.

Admin4.png

 

Approving Requests

To approve requests, a reviewer must be a Global Administrator, Cloud Application Administrator, or Application Administrator.

It’s important that you have the right people trained and assigned to review these requests to

  • Ensure you don’t overload any one admin

  • Have a quick turnaround so that employees are not frustrated

  • Have good communications with the requestors

  • Have the skills to understand the risks associated with each app


 

App Vetting Service is the key to success

App Vetting

If you intend to enable this Admin Consent process you will need to have an App Vetting process in place to complete a risk review for each of the apps being requested.

A good app vetting process should consider a number of different aspects around the functionality, security and supportability of the app including

 

  • Does the App Vendor have the capacity to deliver your requirements?

  • Does the App Vendor  have the competency to deliver your requirements?

  • Is the App Vendor committed to quality?

  • What is the cash position of the App Vendor?

  • What is the cost of the product? What about hidden costs?

  • Does the App Vendor provide efficient and effective communication?

  • What are the options and hours for support?

  • Does the App Vendor have a data security policy or collateral available for review?

  • Does the App Vendor provide security training to their employees?

  • Is there evidence the App Vendor patches and updates their service regularly?

 

Need help?

Mobile Mentor has a team of certified and experience Microsoft engineers who can help you set up Azure Admin Consent workflow for your business.  Feel free to contact us.