Azure AD Sign-ins Application name map?

Greetings!

Is anyone aware of an Azure Active Directory Enterprise applications map?

If you go into Enterprise applications - Sign-ins or get any of the reports, you will have some applications that don't quite explain themselves and cannot be found on the web. 

Example:

Application: Office365 Shell WCSS-Client 

Is that the PowerShell MSOnline Module? When and how is the application utilized? etc.

 

At least with some of the application descriptions you can trace them through the WWW; e.g. "Netbreeze" aka "Microsoft Social Listening" 

 

There are plenty of other examples.

Anyway, is there a location with the Applications' Names AND their IDs as they are reported in Azure AD sign-ins or Power BI to help administrators make informed decisions? 

6 Replies
I think you may have to contact support for those.

This might also be of value to you together with that report as it'll give you an overview of what permissions all those applications actually have: http://www.lieben.nu/liebensraum/2018/07/full-azuread-applications-permission-overview/

Hello James,

 

With Azure AD, if you added any application, that will be listed in the enterprise application section, but there are many services which run under the hood and for which we usually control.

Click on enterprise applications and then apply a filter to Microsoft Applications, any, any.

This will give you the list of all the applications (basically service principal objects) with their object IDs and application IDs.

 

Regards,

Rishabh

Yes, it shows a name and id. It does not give any information as to what the services actually do and what other names the service goes by in the other reports nor why the services are running. This should be a normal part of documentation even if it is restricted information only presented to those in Global Admin role. Microsoft has document security and rights management. They should use it and make the data they provide useful. We, the paying customers, should not be forced to reverse engineer every process or data point in order to actually understand it. 

It's way too common in the sign-in logs that I'm looking at to be PowerShell access, which seems to show up as "Office 365 Exchange Online" (with the Client app portion showing as "Other clients; Older Office clients").

 

The one you're talking about seems to result from common browser access.

I've had a dig around Azure Advisors and cannot find any pointers either.

I think in this context WCSS stands for WAP CSS which in turn stands for Wireless Application Protocol Cascading Style Sheet. 

The user agents I see however are IE, Edge and Chrome. OS versions are Win 7, 8.1 and 10.

However from this reverse engineering I haven't been able to establish which application/interface in O365 this is. 

 

Solution
From Azure Support: "Office365 Shell WCSS. This is the Application Name of the Web Client Shell Service application that is part of Office 365 navbar (or suite header). The Office 365 navbar provides shared capabilities across Office 365 web apps like the O365 app launcher. This application will appear in the Azure AD Sign-in Report when an Azure AD user logs into an Office365 web application. The URL for this “app” should be https://webshell.suite.office.com/iframe/TokenFactoryIframe/. "
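
An added example, not part of the thread or any poster's code: one way to build the name/ID map the question asks for is to join exported sign-in records to the service principal list by application ID, keeping the client app and browser seen for each. The records, GUIDs and function names are constructed, and the field names assume the Microsoft Graph `signIn` and `servicePrincipal` JSON shape.

```python
# Constructed sample data: placeholder GUIDs, not real application IDs.
# Field names assume the Microsoft Graph signIn / servicePrincipal JSON shape.
A1, A2, A3 = (f"00000000-0000-0000-0000-00000000000{n}" for n in "123")
SERVICE_PRINCIPALS = [
    {"appId": A1, "displayName": "Office365 Shell WCSS-Client"},
    {"appId": A2, "displayName": "Office 365 Exchange Online"},
]
SIGN_INS = [
    {"appId": A1, "appDisplayName": "Office365 Shell WCSS-Client",
     "clientAppUsed": "Browser", "deviceDetail": {"browser": "Chrome"}},
    {"appId": A1, "appDisplayName": "Office365 Shell WCSS-Client",
     "clientAppUsed": "Browser", "deviceDetail": {"browser": "Edge"}},
    {"appId": A2, "appDisplayName": "Office 365 Exchange Online",
     "clientAppUsed": "Other clients; Older Office clients", "deviceDetail": {}},
    {"appId": A3, "appDisplayName": "Example Unlisted App",
     "clientAppUsed": "Browser", "deviceDetail": None},
]

def summarize_sign_ins(sign_ins, service_principals):
    """Group sign-ins by appId and join them to the service principal inventory."""
    inventory = {sp["appId"].lower(): sp["displayName"] for sp in service_principals}
    apps = {}
    for event in sign_ins:
        app_id = event["appId"].lower()  # GUID case can differ between exports
        entry = apps.setdefault(app_id, {
            "inventory_name": inventory.get(app_id),  # None: no service principal
            "log_names": set(), "client_apps": set(), "browsers": set(), "count": 0,
        })
        entry["log_names"].add(event.get("appDisplayName") or "")
        entry["client_apps"].add(event.get("clientAppUsed") or "unknown")
        device = event.get("deviceDetail") or {}  # may be missing or null
        entry["browsers"].add(device.get("browser") or "unknown")
        entry["count"] += 1
    return apps

def needs_review(apps):
    """appIds absent from the inventory, or logged under a different name."""
    return sorted(app_id for app_id, e in apps.items()
                  if e["inventory_name"] is None
                  or e["log_names"] != {e["inventory_name"]})

if __name__ == "__main__":
    summary = summarize_sign_ins(SIGN_INS, SERVICE_PRINCIPALS)
    for app_id, e in sorted(summary.items()):
        print(app_id, e["inventory_name"], e["count"],
              sorted(e["client_apps"]), sorted(e["browsers"]))
    print("review:", needs_review(summary))
```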