Forum Discussion
underQualifried
Jan 08, 2025, Brass Contributor
User app registration - exploitable for BEC?
Hello. Recently dealt with a case of BEC. I'm not trained in forensics, but doing my best. Appears the hacker used an application called eM Client for their attack, getting access to a user's mailbox...
VasilMichev
Jan 09, 2025, MVP
Yes, you should disable App registrations; regular users have no need for this functionality. And you should also restrict consent to third-party apps; the steps on that are here: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal
I'd even argue that you should block consent altogether, but that depends on how many third-party apps are in use in your tenant. Regardless, app registrations should be disabled.
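The two settings recommended above (users allowed to register applications, and the consent policies assigned to the default user role) both live on the tenant's authorization policy, so they can be audited and changed from the Microsoft Graph PowerShell SDK as well as the portal. The script below is an added example written for this thread, not code posted by either participant: it reports the current values, optionally applies the hardened ones, and then lists existing user-granted OAuth consents so that any mail-access grant made before the lockdown can be reviewed. The `-Apply` switch, the `$ConsentPolicyIds` default of an empty list (block user consent entirely; the low-risk verified-publisher policy id is shown as an alternative), and the regex used to flag mailbox scopes are choices made for the example; the cmdlets and property names are the real Microsoft.Graph ones, and running it requires a role that can write authorization policy.

```powershell
# Added example for this thread: audit, optionally harden, and review the
# user app registration and user consent settings discussed above.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller
# holds a role permitted to update the tenant authorization policy.
param(
    # Without -Apply the script only reports; with it, the hardened values are written.
    [switch]$Apply,
    # Empty list = no user consent at all. To allow low-risk consent to apps
    # from verified publishers instead, pass:
    #   -ConsentPolicyIds "ManagePermissionGrantsForSelf.microsoft-user-default-low"
    [string[]]$ConsentPolicyIds = @()
)

Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization", "Directory.Read.All" -NoWelcome

# --- 1. Audit the default user role permissions -------------------------------
$policy = Get-MgPolicyAuthorizationPolicy
$perms  = $policy.DefaultUserRolePermissions

$currentConsent = (@($perms.PermissionGrantPoliciesAssigned) | Sort-Object) -join ';'
$desiredConsent = (@($ConsentPolicyIds) | Sort-Object) -join ';'

Write-Host "Users can register applications : $($perms.AllowedToCreateApps)"
Write-Host "User consent policies assigned  : '$currentConsent'"

$needsCreateFix  = $perms.AllowedToCreateApps -ne $false
$needsConsentFix = $currentConsent -ne $desiredConsent

if (-not $needsCreateFix -and -not $needsConsentFix) {
    Write-Host "Tenant already matches the hardened configuration."
}
elseif ($Apply) {
    # Both properties are written in one call; the hashtable maps onto the
    # defaultUserRolePermissions object of the authorization policy.
    Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
        AllowedToCreateApps             = $false
        PermissionGrantPoliciesAssigned = $ConsentPolicyIds
    }
    Write-Host "Hardened settings applied."
}
else {
    if ($needsCreateFix)  { Write-Warning "Users can still register applications (re-run with -Apply)." }
    if ($needsConsentFix) { Write-Warning "User consent policy differs from '$desiredConsent' (re-run with -Apply)." }
}

# --- 2. Review consents users have already granted ----------------------------
# Changing the policy does not revoke earlier grants. ConsentType 'Principal'
# means a single user consented for themselves, which is the path a user could
# take before app registration / consent was restricted.
$mailboxScopePattern = 'Mail|IMAP|POP|EWS|SMTP|MailboxSettings'   # example heuristic

$grants = Get-MgOauth2PermissionGrant -All |
    Where-Object { $_.ConsentType -eq 'Principal' }

$report = foreach ($g in $grants) {
    $sp   = Get-MgServicePrincipal -ServicePrincipalId $g.ClientId `
                -Property DisplayName, AppId, PublisherName -ErrorAction SilentlyContinue
    $user = Get-MgUser -UserId $g.PrincipalId -Property UserPrincipalName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MailboxAccess = [bool]($g.Scope -match $mailboxScopePattern)
        App           = $sp.DisplayName
        AppId         = $sp.AppId
        Publisher     = $sp.PublisherName
        User          = $user.UserPrincipalName
        Scope         = $g.Scope
        GrantId       = $g.Id   # pass to Remove-MgOauth2PermissionGrant to revoke
    }
}

# Grants touching mail are listed first so they get reviewed first.
$report | Sort-Object -Property @{ Expression = 'MailboxAccess'; Descending = $true }, App |
    Format-Table -AutoSize
```

Run it once without `-Apply` to see the current state and the list of per-user grants; any grant carrying mail, IMAP, POP, EWS or SMTP scopes is the kind an email client would hold, and each row's `GrantId` is what `Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId` takes if a grant turns out to be unwanted. Note that restricting the policy only stops new registrations and consents; it does not revoke anything already granted, which is why the second half of the script exists.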
- underQualifried, Jan 13, 2025, Brass Contributor
Great, thank you Vasil, I have locked down for now until I can get a bit more of an understanding.