Third-party apps should only be accepted by IT specialists after a vetting process. This will prevent normal users from accepting apps. Admins will still be able to consent to applications.

Consenting to applications sometimes allows third parties to access personal information from your users. It's essential to closely audit apps that are installed in your organization. An app that has been certified by Microsoft may seem harmless on its own, but it might also have vulnerabilities that can expose company data.

This setting can be found in the Microsoft Admin Center, in Settings/Org settings/Services/User consent to apps section, but the setting is also available in the Azure Active Directory with further customization. If you want to use these customizations, we recommend leaving the Office Protect setting on - it will not enter in conflict with the Azure Active Directory setting.

The operation to look for in the Unified Audit Logs: Update company settings

Microsoft’s documentation on end-user consent to applications: