Troubleshooting malware submission errors caused by administrator block

In some instances, an administrator block might cause submission issues when you try to submit a potentially infected file to the Microsoft Security intelligence website for analysis. The following process shows how to resolve this problem.

Review your settings

Open your Azure Enterprise application settings. Under Enterprise Applications > Users can consent to apps accessing company data on their behalf, check whether Yes or No is selected.

  • If No is selected, an Azure AD administrator for the customer tenant will need to provide consent for the organization. Depending on the configuration with Azure AD, users might be able to submit a request right from the same dialog box. If there's no option to ask for admin consent, users need to request for these permissions to be added to their Azure AD admin. Go to the following section for more information.

  • If Yes is selected, ensure the Windows Defender Security Intelligence app setting Enabled for users to sign in? is set to Yes in Azure. If No is selected, you'll need to request an Azure AD admin enable it.

Implement Required Enterprise Application permissions

This process requires a global or application admin in the tenant.

  1. Open Enterprise Application settings.

  2. Select Grant admin consent for organization.

  3. If you're able to do so, review the API permissions required for this application, as the following image shows. Provide consent for the tenant.

    grant consent image.

  4. If the administrator receives an error while attempting to provide consent manually, try either Option 1 or Option 2 as possible workarounds.

Option 1 Approve enterprise application permissions by user request

Note

This is currently a preview feature.

Azure Active Directory admins will need to allow for users to request admin consent to apps. Verify the setting is configured to Yes in Enterprise applications.

Enterprise applications user settings.

More information is available in Configure Admin consent workflow.

Once this setting is verified, users can go through the enterprise customer sign-in at Microsoft security intelligence, and submit a request for admin consent, including justification.

Contoso sign in flow.

Admin will be able to review and approve the application permissions Azure admin consent requests.

After providing consent, all users in the tenant will be able to use the application.

This process requires that global admins go through the Enterprise customer sign-in flow at Microsoft security intelligence.

Consent sign in flow.

Then, admins review the permissions and make sure to select Consent on behalf of your organization, and then select Accept.

All users in the tenant will now be able to use this application.

Option 3: Delete and readd app permissions

If neither of these options resolve the issue, try the following steps (as an admin):

  1. Remove previous configurations for the application. Go to Enterprise applications and select delete.

    Delete app permissions.

  2. Capture TenantID from Properties.

  3. Replace {tenant-id} with the specific tenant that needs to grant consent to this application in the URL below. Copy this URL into browser. The rest of the parameters are already completed. https://login.microsoftonline.com/{tenant-id}/v2.0/adminconsent?client_id=f0cf43e5-8a9b-451c-b2d5-7285c785684d&state=12345&redirect_uri=https%3a%2f%2fwww.microsoft.com%2fwdsi%2ffilesubmission&scope=openid+profile+email+offline_access

    Permissions needed.

  4. Review the permissions required by the application, and then select Accept.

  5. Confirm the permissions are applied in the Azure portal.

    Review that permissions are applied.

  6. Sign in to Microsoft security intelligence as an enterprise user with a non-admin account to see if you have access.

If the warning is not resolved after following these troubleshooting steps, call Microsoft support.