Forum Discussion
How Microsoft thwarts phishing attacks with Office 365
That's true Petr, it's always a balancing act and it's important to get the right approach, one that doesn't unnecessarily diminish productivity but also protects from different types of threats. Things like conditional access and MFA are great in those regards.
Microsoft has talked more about what they are calling Illicit Consent Grants, which was the approach used in that proof of concept to encrypt a user's Office 365 mailbox for ransom.
"Office 365 Security has been tracking an emergent threat to customer data in the Office 365 cloud over the last year. This blog post is intended to help IT Administrators of Office 365 organizations detect, monitor, and remediate this threat."
Microsoft is recommending that admins proactively run a script at least weekly to unearth applications with illicit permissions. Further advice here - https://blogs.technet.microsoft.com/office365security/defending-against-illicit-consent-grants/.
It would be great if these were added to Azure AD reporting, as currently this can only be viewed on a per-user basis in the portal. Then get them added to Secure Score as an additional check.
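For anyone who wants to start that weekly check without waiting for reporting, here is an added example (my own, not Microsoft's script from the blog post) that enumerates every delegated OAuth2 consent grant in the tenant with the Microsoft Graph PowerShell module, resolves the client app, its publisher and the consenting user, and flags third-party apps holding mailbox- or file-level scopes. It assumes the Microsoft.Graph module is installed and you can consent to the two read-only Graph scopes it requests; the "risky scope" list and the Microsoft first-party publisher tenant ID are this example's own assumptions, so check them against your tenant before trusting the flags.

```powershell
# Added example: weekly sweep of delegated OAuth2 consent grants via Microsoft Graph.
# Not the script from Microsoft's "Defending against illicit consent grants" post.
# Assumes the Microsoft.Graph PowerShell module is installed.
Connect-MgGraph -Scopes 'Directory.Read.All', 'DelegatedPermissionGrant.Read.All' -NoWelcome

# Scopes that let an app read, rewrite or encrypt mailbox and file contents
# (the capability a mailbox-ransom app needs). Assumption: tune for your tenant.
$riskyScopes = @('Mail.Read', 'Mail.ReadWrite', 'MailboxSettings.ReadWrite',
                 'Files.ReadWrite', 'Files.ReadWrite.All', 'Sites.ReadWrite.All',
                 'full_access_as_user', 'EWS.AccessAsUser.All')

# Well-known tenant that publishes Microsoft's first-party apps (assumption of
# this example; verify it against the grants you actually see).
$microsoftTenantId = 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'
$ourTenantId = (Get-MgContext).TenantId

# Service principal lookups are repeated many times, so cache them.
$spCache = @{}
function Get-CachedServicePrincipal([string]$Id) {
    if (-not $spCache.ContainsKey($Id)) {
        $spCache[$Id] = Get-MgServicePrincipal -ServicePrincipalId $Id -ErrorAction SilentlyContinue
    }
    return $spCache[$Id]
}

$report = foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    $client   = Get-CachedServicePrincipal $grant.ClientId      # the app that was granted access
    $resource = Get-CachedServicePrincipal $grant.ResourceId    # the API it was granted access to
    $scopes   = ($grant.Scope -split ' ') | Where-Object { $_ }
    $riskyHit = @($scopes | Where-Object { $riskyScopes -contains $_ })

    # Who published the client app: our own tenant, Microsoft, or someone else.
    if ($client.AppOwnerOrganizationId -eq $ourTenantId) { $publisher = 'internal' }
    elseif ($client.AppOwnerOrganizationId -eq $microsoftTenantId) { $publisher = 'microsoft' }
    else { $publisher = 'third-party' }

    # ConsentType 'Principal' is a single user's consent; 'AllPrincipals' is admin consent.
    if ($grant.ConsentType -eq 'Principal') {
        $user = (Get-MgUser -UserId $grant.PrincipalId -ErrorAction SilentlyContinue).UserPrincipalName
    } else {
        $user = '(all users, admin consent)'
    }

    $flag = ''
    if ($publisher -eq 'third-party' -and $riskyHit.Count -gt 0) { $flag = 'REVIEW' }

    [pscustomobject]@{
        GrantId     = $grant.Id
        Client      = $client.DisplayName
        ClientAppId = $client.AppId
        Publisher   = $publisher
        Resource    = $resource.DisplayName
        ConsentType = $grant.ConsentType
        User        = $user
        Scopes      = $grant.Scope
        RiskyScopes = ($riskyHit -join ' ')
        Flag        = $flag
    }
}

# Keep a dated copy so week-over-week diffs show new grants, then show what needs eyes.
$report | Export-Csv -Path ".\consent-grants-$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation
$report | Where-Object Flag -eq 'REVIEW' | Format-Table Client, Publisher, User, RiskyScopes -AutoSize

# Once you have judged a grant illicit, revoke it explicitly (do not automate this in the loop):
# Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId <GrantId>
```

Two caveats. A "third-party" publisher is not by itself illicit, and an internal app can still be abused, so treat the flag as a triage queue rather than a verdict; the CSV diff against last week's run is usually the more telling signal. This only covers delegated (user-consented) permissions, which is what the consent-phishing attack obtains; application permissions granted to a service principal live under its app role assignments (Get-MgServicePrincipalAppRoleAssignment) and should be swept too, as Microsoft's own script does.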
- Kazzan, Jan 25, 2018, MVP
The problem for us is that the only options provided are:
- Allow and "grant" all apps to users (and check the added apps afterwards)
- Allow only a set of apps explicitly added by IT (and hope that we do not miss an important app)
But users do not want to contact IT to ask for access. They are likely to start complaining in the kitchens. :-)
I would like it if there were a third option: let the user add the app, IT receives the request and accepts or denies the app, then the user is notified and the app is granted to them.
- Cian Allner, Jan 27, 2018, Silver Contributor
Agreed, the options are rather basic and could do with more finessing, like what you have suggested. In other news, https://twitter.com/Office365Ninjas/status/957070300063129605 for phishing and brute force testing with end-users. Not much to go on yet but it's already looking very promising!