Third-party apps should only be accepted by IT specialists after a vetting process. Enabling this setting prevents normal users from consenting to apps. Admins will still be able to consent to applications.

Consenting to applications sometimes allows third parties to access personal information from your users. It's essential to closely audit apps that are installed in your organization. An app that has been certified by Microsoft may seem harmless on its own, but it might also have vulnerabilities that can expose company data.

This setting can be found in the Entra Admin Center, in the Applications/Enterprise Applications/Consent and Permissions section.

The operation to look for in the Unified Audit Logs: Create company settings / Update company settings
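As an added example (not Office Protect or Microsoft code), this Python script scans an exported Unified Audit Log for the two operations named above and separates changes made by an expected account from the rest. The allowlisted account, the sample records and the tolerance for case and a trailing period in the operation name are assumptions.

```python
import json
from datetime import datetime

# Operation names as given on this page, lower-cased for matching.
WATCHED = {"create company settings", "update company settings"}
# Hypothetical allowlist of accounts expected to change the setting.
EXPECTED_ACTORS = {"officeprotect-svc@contoso.example"}

# Constructed sample export, one JSON record per line (not real tenant data).
SAMPLE_EXPORT = """\
{"CreationTime": "2024-02-27T09:14:02", "Operation": "Update company settings.", "UserId": "officeprotect-svc@contoso.example", "ResultStatus": "Success"}
{"CreationTime": "2024-02-27T11:40:55", "Operation": "Update user.", "UserId": "helpdesk@contoso.example", "ResultStatus": "Success"}
{"CreationTime": "2024-02-28T03:02:17", "Operation": "Update company settings", "UserId": "j.doe@contoso.example", "ResultStatus": "Success"}
not-json debris line
{"CreationTime": "2024-02-28T03:05:40", "Operation": "Create company settings", "UserId": "J.Doe@contoso.example", "ResultStatus": "Failure"}
"""

def normalise(operation):
    # Assumption: exports may vary in case or carry a trailing period.
    return operation.strip().rstrip(".").lower()

def find_setting_changes(export_text, expected_actors=EXPECTED_ACTORS):
    """Return records for the watched operations, oldest first."""
    expected = {a.lower() for a in expected_actors}
    hits = []
    for line in export_text.splitlines():
        try:
            rec = json.loads(line)
            when = datetime.fromisoformat(rec["CreationTime"])
        except (ValueError, KeyError, TypeError):
            continue  # skip blank, damaged or undated lines
        if normalise(str(rec.get("Operation", ""))) not in WATCHED:
            continue
        actor = str(rec.get("UserId", "")).lower()
        status = str(rec.get("ResultStatus", "")).lower()
        hits.append({"time": when, "actor": actor,
                     "operation": rec["Operation"],
                     "succeeded": status.startswith("succ"),
                     "expected": actor in expected})
    return sorted(hits, key=lambda h: h["time"])

def unexpected_changes(export_text):
    """Successful changes by accounts outside the allowlist: review these."""
    return [h for h in find_setting_changes(export_text)
            if h["succeeded"] and not h["expected"]]

if __name__ == "__main__":
    for h in unexpected_changes(SAMPLE_EXPORT):
        print(h["time"].isoformat(), h["actor"], h["operation"])
```

Each record it reports is a lead to check against the Consent and Permissions page, since the operation name alone does not say which company setting was changed.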

Microsoft’s documentation on end-user consent to applications:

02/28/2024 Important Note: 

You may have received an Office Protect security event informing you that the Do not allow Third-Party Integrated Applications setting had been changed outside Office Protect. This event was raised after Microsoft changed the way this setting is handled. The change happened at the permission level. The setting found in the Microsoft Admin Center > Settings/Org settings/Services/User consent to apps section is not aligned with these changes (see screenshots below).

The way the setting is enabled/disabled and monitored in Office Protect has been updated to match these changes. If you received a setting changed security event, note that there was no interruption in your tenant protection. The setting state is back to normal in Office Protect and you do not have to re-apply it.

In the Microsoft Entra admin portal, after enabling the setting from Office Protect:

In the Microsoft admin portal, the setting shown is not aligned with the way the setting is enabled. If the User Consent settings are correctly configured in your Microsoft Entra admin portal, users will not be able to consent to apps.