Global Admins can't find pending request for malware analysis

Question

I've got a software developer who is submitting a file for malware analysis via https://www.microsoft.com/en-us/wdsi/filesubmission. Upon submission, he gets a popup that says:

Request Pending
Windows Defender Security Intelligence

Your admin has been notified of your request to access this app. Once your admin reviews the request you will be notified via email.

We've got two global admins on our Microsoft Tenant, but neither are getting a notification of any kind. I tried going to security.microsoft.com > Actions & Submissions, then to the Actions Center and the Submissions center, and can't find anything there either.

How do the global admins approve this request to scan and certify a file as safe for software distribution?

Answer 1

The pending request and missing admin notification are caused by Microsoft Entra enterprise app consent settings for the Windows Defender Security Intelligence / file submission app. Global admins must grant or allow consent for this app before users can submit files.

Use the following steps in Microsoft Entra ID (Azure portal):

1. Check tenant-wide user consent setting
   1. Open Enterprise applications user settings: Enterprise applications → User settings (or go directly via the Enterprise application settings link in the documentation).
   2. Under Users can consent to apps accessing company data on their behalf, check whether Yes or No is selected.
      • If No is selected, users cannot complete the sign-in/consent flow and their request will stay in a pending state until an admin grants consent.
      • If Yes is selected, verify that the Windows Defender Security Intelligence app is enabled for users (next step).
2. Ensure the Windows Defender Security Intelligence app is enabled
   1. In Enterprise applications, locate the Windows Defender Security Intelligence app (the documentation link shows the appId f0cf43e5-8a9b-451c-b2d5-7285c785684d).
   2. Open the app’s Properties.
   3. Confirm Enabled for users to sign in? is set to Yes. If it is No, a Microsoft Entra admin must set it to Yes.
3. Grant admin consent for the app (resolves the “Request Pending” state)
   1. Still in the Windows Defender Security Intelligence enterprise app, go to Permissions.
   2. Select Grant admin consent for organization.
   3. Approve the requested permissions.
   This step must be done by a Global Administrator or Application Administrator. Once consent is granted, all users in the tenant can use the file submission portal without generating further pending requests.
4. If consent workflow is required in the tenant If the tenant uses the admin consent workflow instead of direct user consent:
   1. In Enterprise applications → User settings, set Users can request admin consent to apps they are unable to consent to to Yes (as shown in the documentation screenshot).
   2. The developer signs in again to the Microsoft Security Intelligence file submission portal and submits the consent request with justification.
   3. Global admins then review and approve the request under Enterprise applications → Admin consent requests in the Azure portal.
   4. After approval, the developer can resubmit the file and it will go through without the “Request Pending” block.

Once these enterprise app permissions and consent settings are correctly configured, the developer’s file submissions via the Microsoft Security Intelligence portal will work, and there is no separate approval step inside the Defender portal’s Submissions or Actions Center for this specific consent issue.

---

References:

• Troubleshoot Microsoft Defender XDR service issues
• Submit files for analysis
• Submit malware, non-malware, and other suspicious files to Microsoft for analysis
• Resolve false positive malware detections
• Antivirus and antimalware software: FAQ
• How do I report a suspicious email or file to Microsoft?