Forum Discussion
MCAS Webinar Q&A
Hi, hope this is where we still post questions?
Great presentation today by GershonLevitz-MSFT, thank you.
Q1:
In the area of OAuth Apps, and the manage OAuth Apps, when there is a policy, say, to get details on users that grant access/connection to a 3rd party application, how is the user identified? Is it a requirement that access to the 3rd party app/service access is via AAD SSO, so the user can be linked and track the permission that they grant?
Q2:
In relation to all the details covered today, how would these controls and monitors work around connectors in PowerApps and Flow?
Let's say, in a direct action extreme case, a "Risky OAuth" policy is put in place for all permission access to Google, and if access is given we take the action to revoke permission or suspend account, would this prevent a user from using a Google connector in Flow?
Q3:
For APIs that do not use username/password authentication, via 3rd party or IdP like AAD, to gain access to use their service, and use something like an API key, for example the "PagerDuty" connector in Flow, what can MCAS offer here and what details and actions would be given?
Thank you
Q1: This can be the AAD account, but not only. This could be on the Salesforce or G Suite account, for example, even if SSO is configured at the AAD level.
Q2: No, this is a different process. MCAS looks at the delegated accesses granted at the AAD account (or corp Google account, etc.) level, but doesn't look at the connections configured in Flow connections.
If the connection is passing through Flow, then MCAS considers the delegated access as coming from Flow and not from a 3rd party app.
Q3: Am I correct to think that your example is using Flow to access some data in O365/account, rather than having a delegated access to the service itself?
If this is correct, then MCAS doesn't have visibility on this and would rely on the Flow admin center to get the details.