Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: SOCIAL ENGINEERING
- CIS: -
This Customer Check verifies whether there are any apps registered in the Azure tenant that are suspicious and potentially malicious.
Why this check?
Attackers are increasingly deploying malicious Azure apps to gain access to data in your tenant. Employees are misled into believing that the app serves a legitimate purpose, but subsequently, your data is stolen or unsafe additions are made to your configuration.
Employees should not be able to activate apps without restriction; other checks exist for this purpose. This check serves as a safeguard to review apps that may have gone through approval steps without your attention.
What possible outcomes does the check have?
This check has three possible outcomes. In Attic, this is reflected as follows:
- Okay: No apps with suspicious permissions were found.
- Warning: At least one registered app was found with permissions that could lead to potentially malicious behavior.
How should this be followed up?
If the output is Warning, we advise reviewing the identified apps and, if necessary, undoing the registration and investigating which actions were performed via the app during the time it was registered.
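As an aid for that review, here is an added example (not Attic's own code or rule set) that triages delegated permission grants exported from the tenant and ranks the apps worth looking at first. The list of high-risk scopes, the sample records and the function names are assumptions made for illustration; application permissions are not covered.

```python
# Added example. The scope list is an assumption for illustration,
# not the rule set Attic uses.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "MailboxSettings.ReadWrite", "Files.ReadWrite.All",
    "Directory.ReadWrite.All",
}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant
# objects, with the app's display name already joined in.
SAMPLE_GRANTS = [
    {"appDisplayName": "Contoso Timesheets", "clientId": "sp-0001",
     "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read openid profile"},
    {"appDisplayName": "Mail Upgrade Tool", "clientId": "sp-0002",
     "consentType": "Principal", "principalId": "user-17",
     "scope": "offline_access Mail.Read MailboxSettings.ReadWrite"},
    {"appDisplayName": "Doc Sync", "clientId": "sp-0003",
     "consentType": "AllPrincipals", "principalId": None,
     "scope": " Files.ReadWrite.All  User.Read"},
]


def review_grants(grants, high_risk=HIGH_RISK_SCOPES):
    """Group delegated grants per app and keep those with high-risk scopes."""
    findings = {}
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())
        risky = scopes & high_risk
        if not risky:
            continue
        entry = findings.setdefault(grant["clientId"], {
            "clientId": grant["clientId"],
            "app": grant.get("appDisplayName", "?"),
            "risky_scopes": set(), "tenant_wide": False,
            "users": set(), "persistent": False,
        })
        entry["risky_scopes"] |= risky
        # AllPrincipals means an admin consented for every user in the tenant.
        if grant.get("consentType") == "AllPrincipals":
            entry["tenant_wide"] = True
        elif grant.get("principalId"):
            entry["users"].add(grant["principalId"])
        # offline_access lets the app keep access through refresh tokens.
        entry["persistent"] |= "offline_access" in scopes
    # Tenant-wide grants first, then the apps holding the most risky scopes.
    return sorted(findings.values(), key=lambda e: (
        not e["tenant_wide"], -len(e["risky_scopes"]), e["clientId"]))


def outcome(findings):
    """Map findings to the two outcomes listed above."""
    return "Warning" if findings else "Okay"
```

The `users` set and the `persistent` flag indicate whose data to examine first when investigating what the app did while it was registered.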