Working on NIST 800-171 and getting our M365 tenant in shape, so that it's meeting all the controls it can meet. Working through Purview with the Compliance Manager, it suggests turning on a policy to notify when new OAuth Apps are connected, and based on what permissions they have. Been pulling my hair out on this one, trying to set the policy correctly, but I cannot get it to pass. Does anyone know of a guide for what to set up in M365 GCC to get the maximum bang for your buck as far as controls covered?