[GH-ISSUE #440] Allow to specify Enterprise Application admin consent (maybe specifically for Apple Internet Accounts) #233

New issue

Closed

opened 2026-03-02 12:40:30 +03:00 by kerem · 2 comments

kerem commented

2026-03-02 12:40:30 +03:00

Owner

Originally created by @ponchohoncho on GitHub (Dec 14, 2021).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/440

Is your feature request related to a problem? Please describe.
Enabling Secure Defaults is awesome, disallowing users from consenting to apps is awesome. When you combine the two, iOS users can't connect Apple Mail to M365 using MFA. That's not awesome.

Describe the solution you'd like
Rather than go into every tenant manually to add the "Apple Internet Accounts" (née iOS Accounts) to the Enterprise Applications and grant consent for it, it would be dope if CIPP could do that as a Standard, or maybe bundle it in automatically with either Secure Defaults or Disallow Consent. It could be nice if it was more generalized, to allow to deploy any Enterprise App as a Standard, but the one that's really got me right now is Apple Internet Accounts.

Describe alternatives you've considered
Doing it by hand. That's, like, a lot, man.

Additional context
Some notes on the enterprise app: https://www.reddit.com/r/sysadmin/comments/iug4bw/ios_14_admin_approval_for_apple_internet_accounts/
The app's ID: f8d98a96-0999-43f5-8af3-69971c7bb423

Originally created by @ponchohoncho on GitHub (Dec 14, 2021). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/440 **Is your feature request related to a problem? Please describe.** Enabling Secure Defaults is awesome, disallowing users from consenting to apps is awesome. When you combine the two, iOS users can't connect Apple Mail to M365 using MFA. That's not awesome. **Describe the solution you'd like** Rather than go into every tenant manually to add the "Apple Internet Accounts" (née iOS Accounts) to the Enterprise Applications and grant consent for it, it would be dope if CIPP could do that as a Standard, or maybe bundle it in automatically with either Secure Defaults or Disallow Consent. It could be nice if it was more generalized, to allow to deploy any Enterprise App as a Standard, but the one that's really got me right now is Apple Internet Accounts. **Describe alternatives you've considered** Doing it by hand. That's, like, a lot, man. **Additional context** Some notes on the enterprise app: https://www.reddit.com/r/sysadmin/comments/iug4bw/ios_14_admin_approval_for_apple_internet_accounts/ The app's ID: f8d98a96-0999-43f5-8af3-69971c7bb423

kerem closed this issue

2026-03-02 12:40:30 +03:00

kerem commented

2026-03-02 12:40:31 +03:00

Author

Owner

@KelvinTegelaar commented on GitHub (Dec 14, 2021):

Not possible, Consent has to be given interactively.

@KelvinTegelaar commented on GitHub (Dec 14, 2021): Not possible, Consent has to be given interactively.

kerem commented

2026-03-02 12:40:31 +03:00

Author

Owner

@ponchohoncho commented on GitHub (Dec 14, 2021):

Would it be possible for CIPP to list the Enterprise Apps that have been consented to in a tenant and give a warning if Secure Defaults & Disable User Consent are both enabled and Apple Internet Accounts is not found? That way we could at least have a list of tenants to manually remediate.

@ponchohoncho commented on GitHub (Dec 14, 2021): Would it be possible for CIPP to list the Enterprise Apps that have been consented to in a tenant and give a warning if Secure Defaults & Disable User Consent are both enabled and Apple Internet Accounts is not found? That way we could at least have a list of tenants to manually remediate.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#233

No description provided.

Rows
Columns