EIDSCA.AP10 - Default Authorization Settings - Default User Role Permissions - Allowed to create Apps.
Overview
Controls if non-admin users may register custom-developed applications for use within this directory.
CISA SCuBA 2.6: Only Administrators SHALL Be Allowed To Register Third-Party Applications
Test script
https://graph.microsoft.com/beta/policies/authorizationPolicy
.defaultUserRolePermissions.allowedToCreateApps -eq 'false'
Related links
- Open in Graph Explorer
- authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
- View in Microsoft Entra admin center
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AP10 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAP10 |
| Tags | EIDSCA, EIDSCA.AP10 |
Source
- Pester test:
tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1 - PowerShell source:
powershell/internal/eidsca/Test-MtEidscaAP10.ps1