Update MC1097272: Microsoft will update default settings to enhance security by requiring admin consent for third-party app access - rollout starting mid-July 2025. While this is great news for security overall, admins need to prepare to avoid app and business disruption and user frustration.
Here are some resources from @mattchatt and @SanderBerkouwer to ensure you’re prepared for the change:
Microsoft Disables User Consent By Default, Are You Ready For MC1097272?
Upcoming Change to Entra App Consent Defaults: What Admins Need to Know Before July 16
Message Center Archive from Merill Fernando:
MC1097272 - Microsoft 365 Upcoming Secure by Default Settings Changes
If you’re looking for more historical context, check out these posts outlining the original Consent Default and associated risks by Microsoft MVP @mattchatt:
Entra ID Application Consent: What Identity Admins Need to Know - Part 1
Entra ID Application Consent: What Identity Admins Need to Know - Part 2
If you have any questions about this upcoming change, what it means, and how to prepare, comment below!