Ensure that the "Users can add gallery apps to their Access Panel" setting is set to "No" within your Azure Active Directory user settings, so that administrators evaluate and integrate these applications first, before users can see them on their Access Panels.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Azure Access Panel is a web-based portal that enables Active Directory (AD) users to view and start cloud-based applications that the AD administrator has granted them access to. When the "Users can add gallery apps to their Access Panel" setting is enabled, Active Directory users are allowed to add any application that supports password Single Sign-On (SSO) to their Access Panel without an administrator needing to pre-integrate that application, thus bypassing the evaluation and integration process recommended for each gallery app.
Audit
To determine if AD users are allowed to add cloud applications to the Access Panel, perform the following actions:
Note: Retrieving the "Users can add gallery apps to their Access Panel" setting status using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
By setting "Users can add gallery apps to their Access Panel" to "No", Azure administrators can evaluate and provision the cloud-based applications for the Active Directory users, which results in the applications appearing on the users' Access Panels. To disable the setting, perform the following actions:
Note: Restricting AD users' ability to add gallery applications to their own Access Panel using Microsoft Graph API or Azure CLI is not currently supported.
References
- Azure Official Documentation
- How applications appear on the access panel
- CIS Microsoft Azure Foundations
You are auditing:
Restrict Adding Gallery Apps to Access Panel
Risk level: High