General
This check verifies whether any registered apps have an owner who is a user without administrative rights.
Rationale
Registered applications can pose a potential backdoor into the Microsoft 365 environment. Apps have permissions of their own, which may differ from the permissions of the app's owner. In theory, an app could hold administrative rights, allowing its owner to gain more access than intended.
Manual instruction
Follow these steps to check the app registration:
- Open the Entra ID Admin Center via https://entra.microsoft.com
- Go to Azure AD > App Registrations
- Select the application to check
- Review the application’s permissions
- Click on the Owners tab to see which users are listed as owners of the app
- Verify whether each listed owner is allowed to hold the application's permissions. If not, remove that user (or users) from the list of owners
It is also possible to register a specific application in Attic as an ignored application, so that no new alerts are generated about it.
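The manual steps above check one application at a time. The following script is an added example, not part of the Attic documentation or product, that performs the same review across all app registrations with the Microsoft Graph PowerShell SDK: it collects the members of every activated directory role, then reports each app registration that has a user owner outside that set, together with the app's requested Microsoft Graph permissions. The scopes, the well-known Microsoft Graph appId and the output columns are assumptions of this example; "administrative rights" is interpreted here as membership in any activated Entra ID directory role.

```powershell
# Added example (not Attic's own code): report app registrations owned by users
# who hold no activated Entra ID directory role.
# Requires the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph)
# and an account that can consent to the read-only scopes below (assumed).
Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All" -NoWelcome

# Set of object IDs that currently hold any activated directory role.
# Only active assignments are returned; PIM-eligible assignments are not.
$adminIds = [System.Collections.Generic.HashSet[string]]::new()
foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        [void]$adminIds.Add($member.Id)
    }
}

# Resolve Microsoft Graph permission IDs to readable names.
# 00000003-0000-0000-c000-000000000000 is the well-known appId of Microsoft Graph.
$graphSp   = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$permNames = @{}
foreach ($r in $graphSp.AppRoles)               { $permNames[$r.Id] = "$($r.Value) (Application)" }
foreach ($s in $graphSp.Oauth2PermissionScopes) { $permNames[$s.Id] = "$($s.Value) (Delegated)" }

$findings = foreach ($app in Get-MgApplication -All) {
    foreach ($owner in Get-MgApplicationOwner -ApplicationId $app.Id -All) {
        # Only user owners are in scope; service principal owners are skipped here.
        if ($owner.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
        # Owners holding an activated directory role are not flagged.
        if ($adminIds.Contains($owner.Id)) { continue }

        # Permissions the app requests; non-Graph resources are shown by ID.
        $perms = foreach ($res in $app.RequiredResourceAccess) {
            foreach ($access in $res.ResourceAccess) {
                if ($permNames.ContainsKey($access.Id)) { $permNames[$access.Id] }
                else { "$($access.Id) on resource $($res.ResourceAppId)" }
            }
        }

        [pscustomobject]@{
            App         = $app.DisplayName
            AppId       = $app.AppId
            Owner       = $owner.AdditionalProperties['userPrincipalName']
            Permissions = ($perms -join '; ')
        }
    }
}

$findings | Sort-Object App | Format-Table -AutoSize
```

The report lists the requested permissions rather than the granted ones: requested permissions only take effect once admin consent has been given, so a flagged app should still be reviewed in the portal as described above before its owner is removed. Because role membership is read from activated roles only, users with PIM-eligible assignments appear as non-administrators in this output.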