Description:

The "Users can register applications" setting in Microsoft Entra ID controls whether users can create new application registrations. When it is enabled, any user can introduce unapproved applications, which increases security risk. Setting this option to No restricts application registration to administrators only, reducing the risk of unauthorized or unmanaged applications.


Rationale:

By setting 'Users can register applications' to 'No':

  • Enhance security by ensuring that only trusted administrators can create or register applications, reducing the potential for rogue or insecure applications being added to the environment.

  • Improve governance by limiting the ability to create and manage applications to authorized personnel, thus ensuring that applications are properly reviewed, configured, and secured.


Impact:

  • Increase control over which applications are added to Azure AD, ensuring that only authorized administrators can register and manage applications.

  • Prevent users from registering applications unless they have administrative privileges, which helps secure the organization's application environment.


Default Value:

By default, Microsoft Entra ID allows users to register applications unless this setting is manually changed to 'No'. This setting must be configured to restrict application registration.


Pre-requisites:

  • Sign in using an account with Global Administrator or Privileged Role Administrator permissions.

  • Access to the Microsoft Entra admin center.


Test Plan:

  1. Log in to the Azure portal.

  2. Search for Microsoft Entra ID in the search bar.

  3. In the left-hand menu under the Manage section, select User settings.

  4. In the Default user role permissions section, locate the “Users can register applications” setting, which has two options: Yes or No.

  5. If it is set to Yes, follow the Implementation Steps.

Implementation Steps:

  1. Log in to the Azure portal.

  2. Search for Microsoft Entra ID in the search bar.

  3. In the left-hand menu under the Manage section, select User settings.

  4. In the Default user role permissions section, change Users can register applications from Yes to No.

  5. Save the changes.


Backout Plan:

  1. Log in to the Azure portal.

  2. Search for Microsoft Entra ID in the search bar.

  3. In the left-hand menu under the Manage section, select User settings.

  4. Change Users can register applications from No to Yes, and save.
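
The Test Plan, Implementation Steps and Backout Plan above can also be run from the command line. The script below is an added example, not part of the original procedure; it assumes the Microsoft Graph PowerShell SDK is installed, and the script's `-Mode` parameter and function name are hypothetical.

```powershell
# Added example (not from the original page). Requires the Microsoft Graph
# PowerShell SDK; the -Mode parameter and function name are hypothetical.
param(
    # Audit = Test Plan, Restrict = Implementation Steps, Backout = Backout Plan
    [ValidateSet('Audit', 'Restrict', 'Backout')]
    [string]$Mode = 'Audit'
)

# Request write access only when the run will change the policy.
$scopes = @('Policy.Read.All')
if ($Mode -ne 'Audit') { $scopes += 'Policy.ReadWrite.Authorization' }
Connect-MgGraph -Scopes $scopes | Out-Null

function Get-UsersCanRegisterApps {
    # AllowedToCreateApps is the Graph property behind the portal toggle:
    # $true corresponds to "Yes", $false to "No".
    $policy = Get-MgPolicyAuthorizationPolicy
    return [bool]$policy.DefaultUserRolePermissions.AllowedToCreateApps
}

$before = Get-UsersCanRegisterApps
$label  = if ($before) { 'Yes' } else { 'No' }
Write-Output "Users can register applications (current): $label"

if ($Mode -eq 'Audit') {
    if ($before) {
        Write-Warning 'Non-compliant: setting is Yes. Re-run with -Mode Restrict.'
    } else {
        Write-Output 'Compliant: setting is No.'
    }
    return
}

# Restrict sets the toggle to No ($false); Backout restores Yes ($true).
$target = ($Mode -eq 'Backout')
if ($before -ne $target) {
    Update-MgPolicyAuthorizationPolicy `
        -DefaultUserRolePermissions @{ AllowedToCreateApps = $target }
}

# Read the policy back so the change is verified rather than assumed.
$after = Get-UsersCanRegisterApps
if ($after -ne $target) {
    throw "Setting is still '$after'; check the signed-in account's role."
}
Write-Output "Setting is now: $(if ($after) { 'Yes' } else { 'No' })"
```

Running it with no arguments only reads the policy, so it is safe to schedule as a recurring compliance check.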

