
Announcing Enhanced Malicious OAuth Activity Detection Capabilities in App Governance

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

App governance is a security and policy management capability that customers can use to monitor and govern app behaviors and quickly identify, alert, and protect from risky app behaviors. App governance is designed for OAuth-enabled apps that access Microsoft 365 data via Microsoft Graph APIs.  

 

App governance provides you with:

 

 

Risks in the App Ecosystem

With the increase in popularity of global cloud platforms, the number of cloud applications developed by Service Providers, Independent Service Vendors (ISVs), and citizen developers has been rising steeply. This growth has, in turn, attracted malicious actors seeking to exploit the platform and its users to gain access to valuable data and resources, resulting in an uptick of security incidents involving apps, both in terms of frequency and impact.

 

These incidents span a wide range, including malicious apps engaging in OAuth consent phishing, as well as apps in good standing that are vulnerable to being exploited by bad actors. With hundreds to thousands of apps in an organization capable of accessing data, administrators find it even more challenging to audit the apps running in their environment and to ensure they are protected from malicious or non-compliant apps.

 

Third-party OAuth apps can be used for several malicious activities through Graph API, including:

 

 

Detection of anomalous third-party app Graph API with app governance

App governance has enhanced its existing detection of third-party apps based on anomalous Graph API activities with the introduction of three new detections: email read, email search, and OneDrive or SharePoint search activities.

 

Detection of third-party apps based on anomalous Graph API call to read emails:

Alert Name: App with Suspicious OAuth scope made graph calls to read email and create Inbox Rule

Graph API activities included in this detection:

 

Detection of third-party apps based on anomalous Graph API call to search email:

Alert Name: App creates inbox rule and made unusual email searches activities

Graph API activities included in this detection:

 

Detection of third-party apps based on anomalous Graph API call to OneDrive or SharePoint:

Alert Name: App made OneDrive / SharePoint search activities and created inbox rule

Graph API activities included in this detection:

 

Deep visibility and insights  

App governance is cloud-based and native to the Microsoft 365 platform, so there’s no need to deploy additional infrastructure or services. This provides a simplified onboarding and management experience that can be quickly deployed in customer environments.

 

App governance provides a deep and intuitive dashboard experience that is familiar to administrators. The tenant summary view provides:

 

Get Started

App governance is an add-on feature for Microsoft Cloud App Security and is initially available as a public preview to existing Microsoft Cloud App Security customers in certain regions of North America and Europe, with other regions being added gradually over the next few months.

 

Additional resources

App governance is part of a broad and comprehensive set of capabilities to protect your environment from cloud app-related threats.

 

Thank you,

Microsoft 365 Team
