EIDSCA.CR04 - Consent Framework - Admin Consent Request - Consent request duration (days).

Overview

Specifies the duration the request is active before it automatically expires if no decision is applied

Test script

https://graph.microsoft.com/beta/policies/adminConsentRequestPolicy
.requestDurationInDays -le 30

Related links

• Open in Graph Explorer
• adminConsentRequestPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
• View in Microsoft Entra admin center

MITRE ATT&CK

Tactic	Technique	Mitigation
TA0001 - Initial Access - Initial Access TA0005 - Defense Evasion - Stealth TA0006 - Credential Access - Credential Access TA0008 - Lateral Movement - Lateral Movement	T1078 - Valid Accounts T1528 - Steal Application Access Token T1550 - Use Alternate Authentication Material T1550.001 - Use Alternate Authentication Material: Application Access Token T1566.002 - Phishing: Spearphishing Link	M1018 - User Account Management M1017 - User Training

Test Metadata

Field	Value
Test ID	EIDSCA.CR04
Severity	High
Suite	Entra ID SCA
Category	General
PowerShell test	Test-MtEidscaCR04
Tags	EIDSCA, EIDSCA.CR04

Source

• Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
• PowerShell source: powershell/internal/eidsca/Test-MtEidscaCR04.ps1