(Updated) Create a line-of-business SharePoint Embedded app on SharePoint admin center

🚨 The Signal: SharePoint Embedded app management moves to the SharePoint admin center, centralizing the app lifecycle and reducing dependency on Global Administrators. This streamlines app creation and installation, but it also shifts the privilege to register and manage apps to SharePoint Embedded administrators.

The Impact

SharePoint Embedded administrators are affected. The security risk lies in the app registration privileges now delegated to them.

  • SharePoint Embedded Admins: Gain new app registration capabilities, requiring review of their permissions.
  • Security Teams: Need to assess the scope of new SharePoint Embedded admin privileges for app creation.
  • Global Admins: Reduced dependency for SharePoint Embedded app management, but oversight remains critical.

The Action

  1. Review existing SharePoint Embedded administrator roles and their assigned permissions.
  2. Assess whether current SharePoint Embedded administrators require the ability to create and install apps.
  3. Implement or reinforce Multi-Factor Authentication for all SharePoint Embedded administrators.
  4. Monitor audit logs for SharePoint Embedded app creation and installation activities.

Domain: SharePoint · Impact: medium · Workload: SharePoint · Essential Eight: Restrict Administrative Privileges, Multi-Factor Authentication · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0445, ISM-0974, ISM-1173, ISM-1175, ISM-1228, ISM-1380, ISM-1401, ISM-1504, ISM-1505, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1686, ISM-1688, ISM-1689, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1883, ISM-1892, ISM-1893, ISM-1894, ISM-1897, ISM-1898, ISM-1906, ISM-1907