Microsoft Changes Entra App Consent Default Settings - July 16, 2025

Update MC1097272: Microsoft will update default settings to enhance security by requiring admin consent for third-party app access - rollout starting mid-July 2025. While this is great news for security overall, admins need to prepare to avoid app and business disruption and user frustration.

Here are some resources from @mattchatt and @SanderBerkouwer to ensure you’re prepared for the change:

Microsoft Disables User Consent By Default, Are You Ready For MC1097272?

Upcoming Change to Entra App Consent Defaults: What Admins Need to Know Before July 16

Message Center Archive from Merill Fernando:
MC1097272 - Microsoft 365 Upcoming Secure by Default Settings Changes

If you’re looking for more historical context, check out these posts outlining the original Consent Default and associated risks by Microsoft MVP @mattchatt:

Entra ID Application Consent: What Identity Admins Need to Know - Part 1
Entra ID Application Consent: What Identity Admins Need to Know - Part 2

If you have any questions about this upcoming change, what it means, and how to prepare, comment below!

Merill Fernando and Erin Greenlee from Microsoft recorded a session on ‘The Ultimate Guide to App Consent in Microsoft Entra’ to help admins understand and navigate this change to Entra ID app consent default settings. You can watch it here: https://youtu.be/JBt-sB0qXqk?si=e_bhxzID0om5uYyg

Here’s another great resource to help your organization keep on top of the Entra App Consent Change happening this week!

How to Build a Custom App Consent Policy with PowerShell by Mustafa Nassar

Mustafa walks through how to create and assign a custom consent policy in Microsoft Entra ID using Microsoft Graph and PowerShell. This setup enables admins to limit who can grant permissions, to which apps, and for which scopes—strengthening security and compliance across your org.