Protecting your Identities from attacks like consent phishing



Hi Cloud Friends,


Today, developers build apps by integrating user and enterprise data from cloud platforms to enhance and personalize experiences. These cloud platforms are rich in data, but in turn have attracted malicious actors who attempt to gain unauthorized access to that data.


One such attack is consent phishing, in which attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user's password, an attacker asks for permission for an app controlled by the attacker to access valuable data. 


These apps are often named to mimic legitimate apps, for example “0365 Access” or “Newsletter App”.


Here is one way to counter these attacks, using two Azure AD settings:


1. Restricting users from registering new apps in Azure AD:




2. Preventing users from granting consent to apps:



When you apply these settings, be aware that you as an administrator will then have to make apps available to users yourself. In other words, the administrator takes on more work.


User training is also enormously important. In many cases such apps are described inaccurately or contain spelling mistakes. Training your users regularly is another way to counter these attacks.


I hope this article was useful. Best regards, Tom Wechsler

1 Reply


If we totally block users' consent to apps, users can't install even quality applications. So, it is better to enable the admin consent workflow to securely approve app consent requests.

Useful, right?

Also, we can review the existing application permissions in our O365 tenant and remove malicious applications immediately.
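The two settings from the post (steps 1 and 2) and the review of existing app permissions suggested in the reply can both be done from PowerShell. The following is an added example, not code from the original post or its author; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account holds a role allowed to change authorization policy, and that the list of "risky" scopes is a watch list of my own choosing.

```powershell
# Added example (not from the original post). Requires the Microsoft Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and an account with rights to edit the authorization policy.
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization","Directory.Read.All","DelegatedPermissionGrant.ReadWrite.All"

# --- Steps 1 and 2 from the post: stop users registering apps and consenting to apps ---
$policy = Get-MgPolicyAuthorizationPolicy
"Before: AllowedToCreateApps = $($policy.DefaultUserRolePermissions.AllowedToCreateApps)"
"Before: PermissionGrantPoliciesAssigned = $($policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned -join ',')"

# An empty permission-grant policy list means no user may consent; an admin must consent instead.
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    AllowedToCreateApps             = $false
    PermissionGrantPoliciesAssigned = @()
}

# --- Reply's suggestion: review existing delegated grants for lookalike or unverified apps ---
# Assumed watch list of scopes commonly seen in consent-phishing apps; extend it to your needs.
$riskyScopes = @("Mail.Read","Mail.ReadWrite","Mail.Send","Files.Read.All",
                 "Files.ReadWrite.All","Contacts.Read","offline_access")

$spCache  = @{}
$findings = foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    $granted = $grant.Scope -split " " | Where-Object { $_ }
    $hits    = $granted | Where-Object { $riskyScopes -contains $_ }
    if (-not $hits) { continue }
    if (-not $spCache.ContainsKey($grant.ClientId)) {
        $spCache[$grant.ClientId] = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId
    }
    $sp = $spCache[$grant.ClientId]
    [pscustomobject]@{
        GrantId     = $grant.Id
        App         = $sp.DisplayName
        AppId       = $sp.AppId
        Verified    = [bool]$sp.VerifiedPublisher.VerifiedPublisherId
        ConsentType = $grant.ConsentType   # AllPrincipals = admin consented; Principal = one user
        RiskyScopes = ($hits -join ",")
    }
}
# Unverified publisher + single-user consent + mailbox/file scopes is the typical consent-phishing shape.
$findings | Sort-Object Verified, ConsentType | Format-Table -AutoSize

# After investigation, revoke a grant by its id; the app's tokens for that scope set stop working.
# Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId <GrantId>
```

Run the reporting part first in read-only mode and confirm the "Before" values in a test tenant before applying the policy update, since it affects every user at once.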