FOCUS: Security Access (Azure Active Directory Consent)

Objective

This document explains the importance of obtaining consent for two specific applications managed through Azure Active Directory (Azure AD) as part of our web application’s functionality. These consents are crucial to securely integrate our AI services administration and to access certain SharePoint Online information within your enterprise.

 

Why Consent is Needed

Consent in Azure AD is a fundamental security requirement that ensures users are informed and agree to grant applications specific permissions to access their data or perform actions on their behalf. For our web application, obtaining consents for the following two applications is essential:

  • AI Services Administration Application
  • SharePoint Online Information Access

1. AI Services Administration Application

This application is designed to manage and administer AI services within your organization. The consent ensures that:

  • Security and Compliance: Only authorized users can manage and configure AI services, which maintains the integrity and security of your AI capabilities.
  • Operational Efficiency: Admins can oversee AI service deployment, monitoring, and management, leading to more efficient operations.
  • Customization and Control: Allows admins to customize settings specific to organizational needs without compromising on user privacy and security standards.

2. SharePoint Online Information Access

This consent provides:

  • Access to SharePoint Online content, for building knowledge bases on specific list content
  • Access to the list of Microsoft Groups, for building Audiences in the AI Services Administration Application

To simplify usage, we have grouped these two features into a single consent. Note that this consent is only required to manage these two features. If you do not use them, you do not need to grant it.

 

Granting consent allows our application to function as intended, providing you with the full capabilities you require. It is also a practice that supports transparency and trust, as users are always informed about the kind of access they are granting and for what purpose. Here's why it’s beneficial:

  • Transparency: Users are clearly informed about what permissions the application requires and why, promoting transparency.
  • User Control: Users have the control to revoke these permissions at any time, giving them continuous control over their data and how it is used.
  • Security Assurance: By obtaining consents, the application adheres to organizational and regulatory guidelines, ensuring data is handled securely and responsibly.

Conclusion

Consenting to these applications through Azure AD is not merely a formality but a crucial step in ensuring that your enterprise's web applications perform efficiently and securely while respecting user permissions and organizational policies. This ensures that all interactions with our systems are secure, controlled, and aligned with your business needs.

 

Consent right requirements

1. AI Services Administration Application

This consent prompt will appear for each AI administrator who tries to connect to the application. You can bypass it if an M365 administrator checks the box "Consent on behalf of your organization" for the company before clicking Accept.

 

2. SharePoint Online Information Access

This is an application permission. The consent can only be granted by an M365 administrator.

This level of permission is required for:

  • Configuring your Azure Cosmos DB automatically when new SharePoint knowledge bases are created in the application, so that the content can be indexed.
  • Listing all groups in M365 for managing Audiences. With delegated rights, administrators can only see their own groups; other private groups are hidden.