We are excited to announce the general availability of app governance, a security and policy management capability to monitor and govern app behaviors and quickly identify, alert, and protect from risky behaviors. App governance is designed for OAuth-enabled apps that access Microsoft 365 data via Microsoft Graph APIs.
Microsoft’s security and threat research teams have broadly observed an uptick of security incidents involving apps, both in terms of frequency and impact. These incidents span a wide range, including malicious apps engaging in OAuth consent phishing, as well as good but vulnerable apps being exploited by bad actors.
This situation is exacerbated by a lack of good app/API hygiene, inadequate governance capabilities, and a lack of oversight on app permissions. Many apps are:
Over-permissioned – meaning the scope of permission is beyond what is required by the app to accomplish its intended use.
Highly-permissioned – meaning the type and level of access include sensitive information and high-value users that are not required.
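The two categories above can be checked against a tenant's delegated permission grants. The following is an added example, not code from the post or from Microsoft: it runs over constructed records shaped like Microsoft Graph oauth2PermissionGrant objects, and the per-app "required" scopes and the sensitive-scope list are assumptions made for illustration.

```python
# Added example: flag over-permissioned and highly-permissioned OAuth apps
# from delegated permission grants. Sample data is constructed to match the
# shape of Microsoft Graph oauth2PermissionGrant records; the REQUIRED map
# and SENSITIVE_SCOPES are assumptions, not Microsoft's definitions.

SENSITIVE_SCOPES = {  # assumed set of high-value delegated scopes
    "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "Directory.ReadWrite.All", "MailboxSettings.ReadWrite",
}

# Constructed grants: clientId is the app's service principal, scope is
# space-delimited as in Graph, consentType "AllPrincipals" means admin
# consent on behalf of all users, "Principal" means one user's consent.
GRANTS = [
    {"clientId": "sp-calendar-widget", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Calendars.Read"},
    {"clientId": "sp-survey-tool", "consentType": "Principal",
     "principalId": "user-1", "scope": "User.Read Mail.ReadWrite Files.ReadWrite.All"},
    {"clientId": "sp-survey-tool", "consentType": "Principal",
     "principalId": "user-2", "scope": "User.Read Mail.ReadWrite Files.ReadWrite.All"},
]

# Assumed: the scopes each app genuinely needs for its intended use.
REQUIRED = {
    "sp-calendar-widget": {"User.Read", "Calendars.Read"},
    "sp-survey-tool": {"User.Read"},
}

def granted_scopes(grants):
    """Union of granted scopes per clientId across all grant records."""
    out = {}
    for g in grants:
        out.setdefault(g["clientId"], set()).update(g["scope"].split())
    return out

def assess(grants, required, sensitive=SENSITIVE_SCOPES):
    """Per app: excess scopes (over-permissioned), sensitive scopes
    (highly-permissioned), and whether any grant is tenant-wide."""
    report = {}
    for client, scopes in granted_scopes(grants).items():
        report[client] = {
            "excess": scopes - required.get(client, set()),
            "sensitive": scopes & sensitive,
            "tenant_wide": any(g["consentType"] == "AllPrincipals"
                               for g in grants if g["clientId"] == client),
        }
    return report

if __name__ == "__main__":
    for app, finding in assess(GRANTS, REQUIRED).items():
        print(app, finding)
```

An app with a non-empty "excess" set is over-permissioned by the post's definition, and one with a non-empty "sensitive" set is highly-permissioned; a tenant-wide grant widens the blast radius of either.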
App governance is cloud-based and native to the Microsoft 365 platform, so there is no need to deploy additional infrastructure or services. This provides a simplified onboarding and management experience that can be quickly deployed in customer environments.