iCompaas Support

Description:

This setting controls whether users in the organization are allowed to add applications from the Azure AD / Microsoft Entra ID application gallery directly to their My Apps portal. Allowing end users to add gallery apps themselves may introduce unauthorized or unapproved applications into the environment, which can increase security risk, reduce governance control, and bypass application onboarding processes.

Rationale:

Disabling this feature ensures users cannot independently assign or add applications without administrator approval. This helps maintain proper governance, prevents unauthorized app usage, and reduces the risk of users granting permissions to malicious or overly permissive applications. Enforcing centralized control aligns with application lifecycle management and security best practices.

Impact:

Restricting users from adding gallery apps ensures better access governance and reduces security risks. However, users may experience reduced flexibility in self-service application use.

Default Value:

By default, users may be allowed to add gallery apps unless explicitly disabled by administrators.

Pre-Requisites:

• Microsoft Entra ID (Azure AD) administrator permissions

• Access to the Azure Portal

Test Plan:

1. Sign in to the Azure Portal at https://portal.azure.com

2. Open Microsoft Entra ID

3. Under the Manage section, select Enterprise applications

4. Under Manage, select User settings

5. Verify that Users can add gallery apps to My Apps is set to No

6. If Users can add gallery apps to My Apps is not set to No, follow the implementation steps

Implementation Steps:

1. Sign in to the Azure Portal at https://portal.azure.com

2. Open Microsoft Entra ID

3. Under the Manage section, select Enterprise applications

4. Under the Mange Select, User settings.

5. Set Users can add gallery apps to My Apps to No

6. Save the changes

Backout Plan:

1. Sign in to the Azure Portal at https://portal.azure.com

2. Open Microsoft Entra ID

3. Under the Manage section, select Enterprise applications

4. Under Manage, Select User settings

5. Set Users can add gallery apps to My Apps to Yes

6. Save the changes

Reference:

• https://learn.microsoft.com/azure/active-directory/manage-apps/add-application-portal