Office Protect Settings - Do Not Allow Third-Party Integrated Applications

Third-party apps should only be accepted by IT specialist after a vetting process. This will prevent normal users from accepting apps. Admins will still be able to consent to applications.


This setting can be found in the Microsoft Admin Center, in Settings/Org settings/Services/User consent to apps section, but the setting is also available in the Azure Active Directory with further customization. If you want to use these customizations, we recommend leaving the Office Protect setting on - it will not enter in conflict with the Azure Active Directory setting.


Operation to look for in the Unified Audit Logs: Update company settings


Microsoft’s documentation on end-user consent to applications: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal