Ensuring Apps have Least Privilege (are not malicious)

Dean Gross · ‎Jul 09 2021

Can anyone provide any guidance about how to conduct a security review of applications that were previously authorized by users in AAD? What should we be looking for? How can we easily identify the apps with the most worrisome permissions that should get closer scrutiny?

VI_Migration · ‎Jul 09 2021

There's no easy answer here, as you need to understand what exactly each app is used for before making a call on its permissions. I would flag and review everything that uses application permissions, and when it comes to delegate permissions, things such as impersonation, everything that requires admin consent or if I really want to get thorough, even permissions such as Directory.Read.All.

I published an article/script on this a while back, take a look: https://practical365.com/inventorying-azure-ad-apps-and-their-permissions/

VI_Migration · ‎Jul 09 2021

There's no easy answer here, as you need to understand what exactly each app is used for before making a call on its permissions. I would flag and review everything that uses application permissions, and when it comes to delegate permissions, things such as impersonation, everything that requires admin consent or if I really want to get thorough, even permissions such as Directory.Read.All.

I published an article/script on this a while back, take a look: https://practical365.com/inventorying-azure-ad-apps-and-their-permissions/

View solution in original post

Ensuring Apps have Least Privilege (are not malicious)

Ensuring Apps have Least Privilege (are not malicious)

Re: Ensuring Apps have Least Privilege (are not malicious)

Re: Ensuring Apps have Least Privilege (are not malicious)

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Ensuring Apps have Least Privilege (are not malicious)