Issue/Question
What is USD's process to determine which Microsoft Enterprise Applications are allowed?
Environment
- Microsoft Enterprise App
- Entra ID
- Azure AD
- Permissions
Cause
The purpose of this policy is to protect against Microsoft enterprise applications that require excessive admin and user permissions/consent. This policy aims to protect USD's data and systems from likely security risks while also allowing business activity to continue.
Resolution
Scope:
This policy applies to all Microsoft enterprise applications.
Policy:
- The IT department will maintain an inventory of all Microsoft enterprise applications used within the organization and will regularly review the admin and user permissions required by these applications.
- Applications that require excessive admin or user permissions will be restricted and their use will require approval from the IT department.
- The IT department will work with the application owners to reduce the permissions required by the application or to find alternative solutions that do not require excessive permissions.
- Users who require access to restricted applications must submit a request to the IT department, providing justification for their need to use the application. Submit your request to servicedesk@usd.edu.
- The IT department will review all requests and grant access to restricted applications on a case-by-case basis, taking into account the potential risks and the user's role and responsibilities within the organization.
- The IT department will regularly review and update this policy to ensure that it remains effective in protecting the organization's data and systems.
- User Consent is automatically granted for applications that are categorized as Low Impact. Please see the image below.
Please contact the Service Desk if you need further assistance.