Limit App Registrations to Admins [CHK-1120]
This check verifies whether ordinary (non-administrator) users are allowed to register new applications in your Microsoft Entra ID (Azure AD) tenant.
Rationale
An attacker who compromises a single user account can register an application, add a client secret or certificate to it, and use those credentials to keep access to the Azure AD tenant even after the user's password is reset or MFA is enforced. User-registered apps are also the starting point for consent phishing, where other users are tricked into granting the attacker's app permissions to their mail and files. It is therefore advisable to disable app registration for regular users and reserve it for administrators.
Fix
An automated fix is available through Attic.
To fix it yourself:
- Sign in to the Microsoft Entra admin center at https://entra.microsoft.com with an account that holds the Global Administrator role (or another role permitted to change user settings)
- Navigate to Identity > Users > User settings
- Under "App registrations", set "Users can register applications" to "No"
- Click "Save" to apply the change
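The same setting can be audited and changed from the command line. The following PowerShell script is an added example, not Attic's automated fix and not code from the original page; it assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can be granted the Policy.ReadWrite.Authorization and RoleManagement.Read.Directory scopes. The portal toggle maps to the allowedToCreateApps flag of the tenant's authorizationPolicy object in Microsoft Graph, which is what the script reads and patches. It also lists members of the Application Developer role, because that role still permits app registration after the toggle is set to "No".

```powershell
# Added example (not the original page's or Attic's code). Assumes the
# Microsoft.Graph PowerShell SDK and an account that can consent to the
# scopes below.
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization", "RoleManagement.Read.Directory"

$policyUri = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy"

# Audit: read the tenant-wide default user role permissions.
$policy = Invoke-MgGraphRequest -Method GET -Uri $policyUri
$canRegister = $policy.defaultUserRolePermissions.allowedToCreateApps
Write-Host "Users can register applications: $canRegister"

# Fix: flip the flag only when it is currently enabled (the portal's "Yes").
if ($canRegister -eq $true) {
    $body = @{
        defaultUserRolePermissions = @{
            allowedToCreateApps = $false   # equivalent to setting the portal toggle to "No"
        }
    }
    Invoke-MgGraphRequest -Method PATCH -Uri $policyUri -Body $body
    Write-Host "App registration by regular users has been disabled."
}

# Caveat check: accounts holding the Application Developer role can still
# register apps regardless of the toggle. The role object only exists once it
# has been activated in the tenant, so the query may legitimately return nothing.
$role = Get-MgDirectoryRole -Filter "displayName eq 'Application Developer'"
if ($null -ne $role) {
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id
    Write-Host "Application Developer role members: $($members.Count)"
    foreach ($m in $members) {
        # Role members are directoryObjects; the UPN lives in AdditionalProperties.
        Write-Host " - $($m.AdditionalProperties['userPrincipalName'])"
    }
} else {
    Write-Host "Application Developer role has not been activated in this tenant."
}

Disconnect-MgGraph
```

Run the script once to audit (it prints the current value and does nothing if the flag is already false) and re-run it after the change to confirm the policy reads back as disabled. Review the listed Application Developer members and remove anyone who does not need to register apps, since the policy toggle does not restrict them.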
Impact
This fix reserves the ability to register new apps for administrators and for users explicitly assigned the Application Developer role, reducing the risk of malicious apps being registered as a foothold into your company data. Existing app registrations are not affected, and users can still be prompted to consent to third-party apps unless user consent is restricted separately under Enterprise applications > Consent and permissions.