Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: SOCIAL ENGINEERING
- CIS: -
- FIX Available: YES
This Customer Check verifies whether employees have the right to create new apps in your Microsoft environment.
Why this check?
Apps can be used by an attacker to maintain access to an Azure AD environment. They can also be used to conduct phishing attacks on other users. It is advisable to disable app registration for regular users.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: The ability to register apps is reserved for administrators.
- Warning: The ability to register apps is enabled for all employees.
How should this be followed up?
If the output is Warning, we advise disabling the option UsersPermissionToCreateLOBAppsEnabled.
A Fix is available for this check, which we will offer through Attic.
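To verify the setting by hand, the following added example (not Attic's own check or Fix) reads the tenant's authorization policy through Microsoft Graph PowerShell and reports the same Okay/Warning outcome. It assumes the Microsoft.Graph.Authentication module is installed and that the Graph property `allowedToCreateApps` is the counterpart of UsersPermissionToCreateLOBAppsEnabled; the `-Fix` switch and the function name are hypothetical.

```powershell
# Added example: manual check of whether regular users may register apps.
# Assumption: Microsoft.Graph.Authentication is installed; -Fix is a
# hypothetical switch of this script, not an Attic feature.
param(
    [switch]$Fix   # also disable app registration for regular users
)

$PolicyUri = 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

# Reading needs Policy.Read.All; changing the policy needs
# Policy.ReadWrite.Authorization, so request it only when fixing.
$scopes = @('Policy.Read.All')
if ($Fix) { $scopes += 'Policy.ReadWrite.Authorization' }
Connect-MgGraph -Scopes $scopes | Out-Null

function Get-AppRegistrationOutcome {
    param([string]$Uri)
    $policy = Invoke-MgGraphRequest -Method GET -Uri $Uri
    $allowed = $policy.defaultUserRolePermissions.allowedToCreateApps
    if ($null -eq $allowed) {
        throw 'allowedToCreateApps missing from response; check granted scopes.'
    }
    # Same mapping as the check: enabled for all employees => Warning.
    if ($allowed) { 'Warning' } else { 'Okay' }
}

$outcome = Get-AppRegistrationOutcome -Uri $PolicyUri
Write-Output "App registration by regular users: $outcome"

if ($outcome -eq 'Warning' -and $Fix) {
    # PATCH only the one property so other default user permissions are untouched.
    $body = @{
        defaultUserRolePermissions = @{ allowedToCreateApps = $false }
    } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $PolicyUri -Body $body `
        -ContentType 'application/json'

    # Re-read the policy to confirm the change took effect.
    $outcome = Get-AppRegistrationOutcome -Uri $PolicyUri
    Write-Output "After fix: $outcome"
}
```

Users who still need to register apps after the option is disabled can be assigned the Application Developer role instead.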