Threat Actors Increase Misuse of OAuth Applications

OAuth apps are a big part of the extensibility picture for Microsoft 365 tenants. As such, attackers target them as a good way to gain access to data. In a recent security blog post, Microsoft recommends some steps to secure tenants. We’ve covered most of them in other articles, but it’s always good to pull the story together and rewrite a script to make it easier to report consent grants for apps.

Keeping Tabs on Entra ID Apps in Your Tenant

A new Microsoft 365 Audit Platform service plan is available to license solutions like App Governance in Microsoft 365 Defender for Cloud Apps. After a shaky start, App Governance includes some useful functionality, including a set of default policies to highlight apps that need some attention. If you don’t have the necessary licenses to use App Governance, you can always examine the raw data about app activity, like sign-in information for app service principals.