Application Permissions - Ensure Third Party Integrated Applications Are Not Allowed
Summary
Reason
As stated above, third party integrated applications should not be allowed to be connected to your services, unless, there is a very clear value and you have robust security controls in place. Attackers can easily gain access via breached accounts to third party applications, in order to exfiltrate data from your tenancy without maintaining the breached account.
What If?
This change will affect both end users and administrators. While end users will not be able to integrate third-party applications that they really want to use, the administrators will probably receive requests from end users for permissions to the necessary third party applications.
How to?
- Select the Admin centers and Azure Active Directory.
- Select Users from the Azure navigation pane.
- Select Users settings.
- Set App registrations to No.
- Now, click Save.
Monitor:
- Select the Admin centers and Azure Active Directory.
- Select Users from the Azure navigation pane.
- Select Users settings.
- Verify if App registrations is set to No.
Comments
Post a Comment