Protecting your Identities from attacks like consent phishing


Hi Cloud Friends,

Today, developers build apps by integrating user and enterprise data from cloud platforms to enhance and personalize experiences. These cloud platforms are rich in data, but in turn have attracted malicious actors who attempt to gain unauthorized access to that data.

One such attack is consent phishing, in which attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user's password, an attacker asks for permission for an app controlled by the attacker to access valuable data.

These apps are often named to mimic legitimate apps, such as "0365 Access" or "Newsletter App".

[Screenshot: App_Consent.JPG]

Here is one way to counteract these attacks.

1. Restricting users from registering new apps in Azure AD:

[Screenshot: User_Settings.JPG]

 

2. Preventing users from giving consent to apps:

[Screenshot: Ent_Apps.JPG]

Be aware that once you make these settings, you as an administrator will have to make the apps available to the users yourself. This means more work for you as an administrator.

For each app the users need (enterprise application), you as an administrator should grant consent to the necessary permissions on behalf of the users (admin consent). But really do not flip the "big switch" that lets all users consent to any permission for ALL apps.
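The two settings above can also be checked and applied through Microsoft Graph instead of the portal. The following is an added example, not code from the original post: it assesses a tenant's authorization policy (GET/PATCH /v1.0/policies/authorizationPolicy, fields allowedToCreateApps and permissionGrantPoliciesAssigned) against steps 1 and 2, and builds the PATCH body that hardens both. It goes slightly beyond the post by also offering the built-in "verified publisher, low-risk permissions" grant policy as a middle ground. The sample policy document is constructed, and the access token is a placeholder.

```python
"""Check an Azure AD authorization policy against steps 1 and 2 and build the
hardening PATCH body. Added example; not the post's own code. Assumes the
Microsoft Graph authorizationPolicy resource and its defaultUserRolePermissions
fields. SAMPLE_POLICY is constructed; the token is a placeholder.
"""
import json
import urllib.request

GRAPH_AUTHZ_POLICY = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy"

# Built-in permission grant policies a tenant can assign to the default user role.
ALL_APPS = "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"        # the "big switch"
VERIFIED_LOW_RISK = "ManagePermissionGrantsForSelf.microsoft-user-default-low"   # verified publishers, low-risk scopes only

# Constructed sample of what GET /policies/authorizationPolicy returns for a default tenant.
SAMPLE_POLICY = {
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {
        "allowedToCreateApps": True,
        "allowedToCreateSecurityGroups": True,
        "allowedToReadOtherUsers": True,
        "permissionGrantPoliciesAssigned": [ALL_APPS],
    },
}


def assess_policy(policy: dict) -> list:
    """Return a list of findings; an empty list means steps 1 and 2 are already in place."""
    perms = policy.get("defaultUserRolePermissions", {})
    findings = []
    if perms.get("allowedToCreateApps", True):
        findings.append("step 1: users can register applications (allowedToCreateApps=true)")
    assigned = perms.get("permissionGrantPoliciesAssigned", [])
    if ALL_APPS in assigned:
        findings.append("step 2: users can consent to any permission for any app (legacy grant policy)")
    elif assigned:
        findings.append("step 2: users can self-consent under grant policies: " + ", ".join(assigned))
    return findings


def hardening_patch(current_policy: dict, allow_verified_low_risk: bool = False) -> dict:
    """Build the PATCH body. defaultUserRolePermissions is sent as a whole complex type,
    so unrelated fields are copied from the current policy rather than dropped."""
    perms = dict(current_policy.get("defaultUserRolePermissions", {}))
    perms["allowedToCreateApps"] = False                                    # step 1
    perms["permissionGrantPoliciesAssigned"] = (                            # step 2
        [VERIFIED_LOW_RISK] if allow_verified_low_risk else []
    )
    return {"defaultUserRolePermissions": perms}


def apply_patch(body: dict, access_token: str) -> int:
    """Send the PATCH (token needs Policy.ReadWrite.Authorization). Returns the HTTP status, 204 on success."""
    req = urllib.request.Request(
        GRAPH_AUTHZ_POLICY,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    for finding in assess_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
    print(json.dumps(hardening_patch(SAMPLE_POLICY), indent=2))
    # apply_patch(hardening_patch(SAMPLE_POLICY), "<ACCESS_TOKEN_PLACEHOLDER>")  # run with a real token
```

Running the script against the constructed sample reports both findings and prints the body that closes them; re-running `assess_policy` on the result of `hardening_patch` returns no findings, which is a convenient way to confirm the new state before sending it.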

 

User training is also enormously important. In many cases such apps are described incorrectly, or the spelling is wrong. Training your users regularly is another way to counter these attacks.

I hope this article was useful.

Best regards, Tom Wechsler

2 Replies

@TomWechsler 

If we totally block the users' consent to apps, users can't install even the quality applications. So it is better to enable the admin consent workflow to securely approve the app consent requests.

Useful, right?

Also, we can review the existing application permissions in our O365 and remove the malicious applications immediately.
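Reviewing existing application permissions, as the reply suggests, can be scripted over an export of the tenant's service principals and delegated permission grants. The following is an added example and not code from the original thread: it runs over constructed sample data in the shape of Graph's servicePrincipal and oauth2PermissionGrant objects and flags grants that look like consent-phishing footholds, scoring user-consented grants, unverified publishers, mailbox and file scopes, and display names that mimic a Microsoft brand with digit-for-letter substitutions (the "0365 Access" pattern from the post). The scope list and score threshold are assumptions you would tune to your tenant; the revoke action shown is the Graph DELETE on the grant.

```python
"""Audit delegated permission grants for consent-phishing indicators.
Added example; not code from the original thread. Sample data is constructed
in the shape of GET /servicePrincipals and GET /oauth2PermissionGrants results.
"""
from dataclasses import dataclass, field

GRAPH = "https://graph.microsoft.com/v1.0"

# Assumed list of scopes worth a second look; extend for your tenant.
SENSITIVE_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Contacts.Read",
                    "Files.Read.All", "Files.ReadWrite.All", "MailboxSettings.ReadWrite"}
BRAND_WORDS = {"o365", "office365", "microsoft", "sharepoint", "outlook"}
REPORT_THRESHOLD = 3  # assumed: report a grant once its score reaches this

SERVICE_PRINCIPALS = [  # constructed sample
    {"id": "sp-1", "displayName": "0365 Access", "verifiedPublisher": {"displayName": None}},
    {"id": "sp-2", "displayName": "Newsletter App", "verifiedPublisher": {"displayName": None}},
    {"id": "sp-3", "displayName": "Contoso Expense", "verifiedPublisher": {"displayName": "Contoso Ltd"}},
]
GRANTS = [  # constructed sample
    {"id": "g-1", "clientId": "sp-1", "consentType": "Principal", "principalId": "user-a",
     "scope": "openid profile offline_access Mail.ReadWrite Files.ReadWrite.All"},
    {"id": "g-2", "clientId": "sp-2", "consentType": "Principal", "principalId": "user-b",
     "scope": "User.Read"},
    {"id": "g-3", "clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Files.Read.All"},
]


@dataclass
class Finding:
    grant_id: str
    app_name: str
    score: int
    reasons: list = field(default_factory=list)
    revoke: str = ""


def normalize_name(name: str) -> str:
    """Fold digit/letter look-alikes and spaces so '0365 Access' compares as 'o365access'."""
    return name.lower().translate(str.maketrans("01|", "oll")).replace(" ", "")


def looks_like_brand(name: str) -> bool:
    folded = normalize_name(name)
    return any(brand in folded for brand in BRAND_WORDS)


def score_grant(grant: dict, sp: dict):
    """Return (score, reasons) for one grant, using the weights assumed above."""
    score, reasons = 0, []
    if grant.get("consentType") == "Principal":
        score += 1; reasons.append("user-consented, not admin-consented")
    if (sp.get("verifiedPublisher") or {}).get("displayName") is None:
        score += 1; reasons.append("publisher not verified")
    risky = sorted(set(grant.get("scope", "").split()) & SENSITIVE_SCOPES)
    if risky:
        score += 2; reasons.append("sensitive scopes: " + ", ".join(risky))
    if looks_like_brand(sp.get("displayName", "")):
        score += 2; reasons.append("display name mimics a Microsoft brand")
    return score, reasons


def audit(service_principals: list, grants: list) -> list:
    """Return Findings for grants at or above the threshold, highest score first."""
    sps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        sp = sps.get(grant["clientId"], {})
        score, reasons = score_grant(grant, sp)
        if score >= REPORT_THRESHOLD:
            findings.append(Finding(
                grant_id=grant["id"], app_name=sp.get("displayName", "?"), score=score,
                reasons=reasons,
                revoke=f"DELETE {GRAPH}/oauth2PermissionGrants/{grant['id']}",
            ))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in audit(SERVICE_PRINCIPALS, GRANTS):
        print(f"[{f.score}] {f.app_name} ({f.grant_id})")
        for r in f.reasons:
            print("   -", r)
        print("   revoke:", f.revoke)
```

On the constructed data only the "0365 Access" grant is reported: it is user-consented, unverified, asks for mailbox and file write scopes, and its name folds to a Microsoft brand. The low-privilege "Newsletter App" grant and the admin-consented verified app stay below the threshold, which keeps the review list focused on what an administrator would actually remove.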

@Anu_11 exactly my thoughts. 
We enabled the option that apps of verified vendors can be consented to with uncritical permissions. For all others they have to go through the workflow process.