Skip to main content

Applications

Tier 1 Checks

#CheckLicense
A01Shadow IT discovery is enabled to inventory unsanctioned cloud appsMDCA / E5
A02Risky OAuth apps are reviewed and an OAuth app policy is configuredMDCA / E5
A03App governance is enabled for OAuth apps accessing Microsoft 365 dataMDCA add-on / E5
A04Users cannot register applications by default
A05User consent to apps is restricted and admin consent workflow is enabled
A06Conditional Access App Control governs sessions for sensitive appsP1 + MDCA

Tier 2 / Tier 3 coverage

This is Tier 1 — the highest-impact starting set for app governance. Tier 2 and Tier 3 add depth on app connector onboarding for API-level monitoring, custom OAuth app policies and automated remediation, anomaly-detection policies, file policies for sanctioned apps, and Conditional Access App Control session policies (download blocking, label-aware DLP, read-only enforcement) across the full app estate.

📩 Don't Miss the Next Solution

Join the list to see the real-time solutions I'm delivering to my GCC High clients.