Forum Discussion

Dean_Gross's avatar
Dean_Gross
Silver Contributor
Jun 27, 2020

Blocking OAuth Phishing

a recent RiskyBiz podcast described ongoing OAuth phishing attacks and they claim that the only way to prevent this is with MCAS and an E5 license, see https://risky.biz/newsletter15/ for the details...
Cloud App Security
PeterRising's avatar
PeterRising
MVP
Jun 28, 2020

Dean_Gross 

 

I would essentially disagree with the statement that having MCAS is the only way you can prevent this. I agree that it can certainly help, and I always say that if you can afford MCAS, then get MCAS as it is an awesome tool.

 

However, the links provided in the article including https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide and https://docs.microsoft.com/en-us/cloud-app-security/investigate-risky-oauth and https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-consent-requests all show techniques that can help you to identify and prevent such attacks.

 

So in my opinion, this can be done without MCAS, but MCAS will make it a hell of a lot easier for you.

Dean_Gross's avatar
Dean_Gross
Silver Contributor
Jun 29, 2020
Thanks, given that there is almost always many ways to do something, I was concerned that the otherwise very reliable host of that show had made such a bold statement that an E5 license was required. He was very critical of MS for this, and while criticism is frequently warranted, it seemed excessive in that show. When this topic comes up for my clients, i'll be sure to discuss all of the options you have shared.