Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: SOCIAL ENGINEERING
This Monitoring Check verifies whether an administrator has approved risky apps on behalf of the entire organization.
Why this check?
Azure apps can be exploited for malicious purposes by attackers. Therefore, it is advised to allow only administrators the right to grant new apps access to the tenant. This is managed within Attic via CHK-1128.
This check CHK-1138 verifies whether administrators have granted permission to new apps that request risky access.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: No (new) risky apps have been found that have obtained permission
- Warning: A new, risky app has been detected to which permission to the Microsoft tenant has been granted.
How should this be followed up?
If the output is Warning, we advise checking the granted permission and revoking it if necessary. The details are shared via a ticket.
Comments
0 comments
Please sign in to leave a comment.