Devolutions.CIEM

0.3.180

modules/Azure/Checks/Test-EntraPolicyUserConsentForVerifiedApps.ps1

                                function Test-EntraPolicyUserConsentForVerifiedApps {

    <#

    .SYNOPSIS

        Entra tenant does not allow users to consent to non-verified applications

    .DESCRIPTION

        **Microsoft Entra** authorization policy for the default user role is assessed for assignment of the user-consent policy `microsoft-user-default-legacy`. Its presence means users can self-consent to app permissions; its absence indicates consent is restricted (e.g., only verified publishers or low-impact scopes).

    .PARAMETER Check

        CIEMCheck object containing check metadata.

    #>

    [CmdletBinding()]

    [OutputType([PSCustomObject[]])]

    param(

        [Parameter(Mandatory)]

        $Check

    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: entra_policy_user_consent_for_verified_apps

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check entra_policy_user_consent_for_verified_apps for reference.', 'N/A', 'entra Resources')

}