Forum Discussion

Iron Contributor

Jan 16, 2020

Solved

MCAS - High Severity Alert - "BUL-OauthAppPermissions-MicrosoftAccounts"

I recently reviewed a customers MCAS high severity alerts and noted a number of alerts with the subject - BUL-OauthAppPermissions-MicrosoftAccounts I cannot find any information online regarding ...

Cloud App Security

John_Lewis
Feb 06, 2020
PJR_CDF

Hi PJR_CDF,

The policy BUL-OauthAppPermissions-MicrosoftAccounts is not a built-in OAuth detection policy. You can find the built-in OAuth policies by navigating to “Policies” and filtering on type “OAuth app anomaly detection policy”. In addition, setting the policy filter to show “OAuth app policy” will reveal custom policies created by administrators. Using the cogwheel to edit the policy will reveal the criteria for triggering the alert and adjustments can be made. Also, accessing the “Actions” on the policy page will allow you to disable the policy.

John_Lewis

Former Employee

Feb 06, 2020

PJR_CDF

Hi PJR_CDF,

The policy BUL-OauthAppPermissions-MicrosoftAccounts is not a built-in OAuth detection policy. You can find the built-in OAuth policies by navigating to “Policies” and filtering on type “OAuth app anomaly detection policy”. In addition, setting the policy filter to show “OAuth app policy” will reveal custom policies created by administrators. Using the cogwheel to edit the policy will reveal the criteria for triggering the alert and adjustments can be made. Also, accessing the “Actions” on the policy page will allow you to disable the policy.