Microsoft Just Blocked Third-Party App Access... PKF Infuse Did It First.

Written by PKF Infuse | Aug 8, 2025 11:22:27 AM

Microsoft just rolled out a change to Microsoft 365 that stops users giving third-party apps access to company data, unless an admin signs it off first.

No more third-party apps accessing company data.

Here’s the thing: We’ve been doing this for months. If you’re already a PKF Infuse client, you can tick this one off your worry list. We already put the control in place to protect your business long before it became the Microsoft default.

Why Blocking Third-Party Microsoft 365 App Access Matters

Until now, any Microsoft 365 user could approve an app’s request to access their account. This might be a genuine productivity tool… or it might be a cleverly disguised way for attackers to get their hands on:

  • Emails
  • OneDrive or SharePoint files
  • Teams chats
  • Calendars and contacts

Most people just click “Accept” without thinking twice. And once those permissions are granted, they often stick around, even if the password changes or MFA (Multi-Factor Authentication) is turned on.

It’s an open door, and attackers love it.
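To make the risk concrete, here is an added example (not PKF Infuse's or Microsoft's code) that flags apps a single user approved with access to the data types listed above. It assumes a JSON export of the Microsoft Graph `oauth2PermissionGrants` collection; the sample records, IDs and the scope-to-category mapping are constructed for illustration.

```python
import json

# Delegated Microsoft Graph scopes grouped by the data types listed above (illustrative mapping).
RISKY_SCOPES = {
    "email": {"Mail.Read", "Mail.ReadWrite", "Mail.Send"},
    "files": {"Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All"},
    "teams chats": {"Chat.Read", "Chat.ReadWrite"},
    "calendars/contacts": {"Calendars.Read", "Calendars.ReadWrite",
                           "Contacts.Read", "Contacts.ReadWrite"},
}

# Constructed sample shaped like a Graph oauth2PermissionGrants listing; all IDs are made up.
SAMPLE_EXPORT = json.dumps({"value": [
    {"id": "grant-1", "clientId": "sp-notes-app", "consentType": "Principal",
     "principalId": "user-alice", "resourceId": "sp-graph",
     "scope": "User.Read Mail.Read Files.ReadWrite.All offline_access"},
    {"id": "grant-2", "clientId": "sp-hr-portal", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read openid profile"},
    {"id": "grant-3", "clientId": "sp-calendar-sync", "consentType": "Principal",
     "principalId": "user-bob", "resourceId": "sp-graph",
     "scope": " Calendars.Read  Contacts.Read "},
]})


def audit_grants(export_json):
    """Return findings for grants a single user approved that expose sensitive data."""
    findings = []
    for grant in json.loads(export_json).get("value", []):
        # "Principal" = one user consented for themselves; "AllPrincipals" = admin consent.
        if grant.get("consentType") != "Principal":
            continue
        scopes = set((grant.get("scope") or "").split())
        exposed = {category: sorted(scopes & risky)
                   for category, risky in RISKY_SCOPES.items() if scopes & risky}
        if exposed:
            findings.append({
                "grant_id": grant["id"],
                "app": grant["clientId"],
                "user": grant["principalId"],
                "exposed": exposed,
                # offline_access lets the app obtain refresh tokens for ongoing access.
                "long_lived": "offline_access" in scopes,
            })
    return findings


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_EXPORT):
        print(f"{f['app']} <- {f['user']}: {f['exposed']} long_lived={f['long_lived']}")
```

Each finding is a grant an admin should review and, if the app is not recognised, revoke.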

Microsoft’s New Admin Consent Requirement for Apps

Microsoft has now shut that door by requiring admin approval before any app can be linked to a Microsoft 365 account. Users will see a simple message:

“Need admin approval”

From there, IT can review the request and decide whether it’s safe.

This extra step is vital because it stops users from accidentally approving malicious apps (which is more common than you think). It also gives IT teams proper visibility and control, and cuts the risk of attackers keeping long-term, invisible access.

How PKF Infuse Enabled Admin Consent Months Before Microsoft

We didn’t wait for Microsoft’s update. Months ago, we:

  • Switched on admin consent enforcement across all clients
  • Blocked users from granting app permissions themselves
  • Set Microsoft Entra policies to match each client’s risk tolerance
  • Monitored app activity for anything suspicious

For our clients, the recent Microsoft change was a non-event, because they were already protected.

What Admin Consent Looks Like in Day-to-Day Use

Now, when someone tries to connect a new app to their Microsoft account, they’ll hit a polite stop sign. The admin team gets notified, checks the request, and either approves it or blocks it.

No more blind trust. No more silent risks lurking in the background.

The Benefits of a Proactive Microsoft 365 Security Approach

A lot of businesses only act after something goes wrong—like a compromised inbox or unauthorised data sharing. Our clients didn’t need a breach to push them into action.

This is how we work:
✅ We anticipate risks
✅ We implement protections quietly
✅ We let your team focus on their work without the security headaches

Not Sure Who Has Access to Your Microsoft 365 Environment?

If you’re not a PKF Infuse client and can’t answer that question confidently, it’s worth finding out. Hidden permissions can be a bigger risk than you think.

We can help you check and close the gaps.
Get in touch and we’ll bring some clarity (and control) to your Microsoft environment.

Already with us? You’re ahead of the curve.