I'm curious about how other M365 system administrators manage Admin Consent requests for Enterprise Apps. In the past, I typically ignored these requests since most users ended up finding alternative solutions, and the requests would expire after 30 days. If an app was really essential, either the user or their manager would submit a help desk ticket for approval. However, my manager recently emphasized that we need to address these requests more actively. Now, I've added him and a few others to the alert system, which automatically generates tickets for each new request as well as reminders when they're about to expire. While I know the basic steps—like checking if we already have a similar product and directing users accordingly—sometimes I encounter requests that stump me. I'm wondering how others balance visibility and efficiency in this process?
5 Answers
Ignoring requests isn't a great idea—better to get user feedback to understand their needs first. I ask users what they need the app for, but this can often reveal that the request might not even be necessary, or I can provide them with alternative solutions.
Right! Engaging the users can either debunk their wants or legitimize them, which is way more productive.
We make it mandatory for all requests to go through our ticket system. Our implementation team, which includes IT and managers, reviews everything before any approval happens. This way, we manage expectations and responsibilities appropriately.
We've got a robust system in place where all app requests turn into service items that get routed to the IT team first. This helps us determine if we need a whole project for the request or if there's already something approved that meets the need.
So, this is tied to a specific email linked to your ticketing system? I'm curious how that workflow is set up.
Most app owners manage their own app registrations. We handle the incoming requests through ticketing like everything else. It's crucial to involve the app owners early to discuss the necessity of granting access before making any decisions.
This makes a lot of sense! Involving the app owners really can help clarify whether the request is still relevant.
We actually disabled user-initiated requests entirely. Instead, they have to go through our normal service request channels, which helps streamline evaluations and approvals.
What setting did you use to disable those requests? We currently have user consent disabled, but it still creates admin requests that come straight to me.
This seems like a smart move. Users find it easier to navigate through proper channels instead of sending random requests.
Absolutely! Sometimes just approaching them with a few questions can save everyone a lot of hassle.