For each workspace onboarded to ContraForce, there are multiple service principals that should be consented.
Overview
At the start of every ContraForce onboarding, the ContraForce Portal and ContraForce API will be consented (links below for the respective technical articles covering these enterprise applications).
After the two base enterprise applications have been consented, the user can further customize the permissions around ContraForce via the Workspaces page for the tenant. By default, all service principals will be unconsented. Below a page has been linked for every service principal and provides an overview of the permissions associated with each option.
Gamebooks for Microsoft Defender for XDR
Gamebooks for Network
Consent vs Consent for Partner
The Consent option applies to giving users within the onboarded tenant the ability to utilize the service principal. When a partner onboards an end-customer tenant, the "Consent for Partner" option needs to be selected for the service principal. This will allow the partner to execute gamebooks and use ContraForce without having to sign in with a separate user within the end-customer's tenant.
If you have any questions about ContraForce service principals, contact us at support@contraforce.com.