Jan 10 2023 06:57 PM - edited Jan 10 2023 07:02 PM
I am assessing the security risks associated with the older SharePoint App-Only authentication method. As per my analysis, this method is less secure than using Azure AD App Registrations.
Both a SharePoint App and an Azure AD App can authenticate with just a Client ID and a Client Secret. Anyone with these two properties can connect and invoke the APIs from anywhere in the world.
However, with an Azure AD App, we have some protection offered by Azure AD's built-in intelligent algorithms that could detect or protect against a potential attack. Furthermore, we could use Conditional Access for workload identities to secure these principals. On the contrary, the SharePoint App-Only method does not have that protection: as it bypasses Azure AD completely, no Conditional Access policies apply.
Has anyone out there evaluated the security risks of these two and could share their thoughts?
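One way to make the distinction in the post concrete when auditing which trust path a caller used, as an added example that is not part of this post or of any Microsoft tooling: an App-Only token minted by Azure Access Control Service (ACS) carries an `iss` claim of the well-known ACS app ID `00000001-0000-0000-c000-000000000000@<realm>` and identifies the client in `nameid` as `<client-id>@<realm>`, whereas a token minted by Azure AD is issued by `sts.windows.net` (v1) or `login.microsoftonline.com` (v2) and names the client in `appid` or `azp`. Since Conditional Access for workload identities only evaluates tokens Azure AD itself issues, anything classified as ACS-issued falls outside that control. The tenant GUIDs, client IDs and tokens below are constructed sample data; the script decodes claims without verifying signatures and is for inventory and reporting only, never for an authorization decision.

```python
import base64
import json

# Well-known app ID of Azure Access Control Service, the issuer of
# SharePoint App-Only (ACS) tokens. Tokens look like "<ACS_APP_ID>@<realm>".
ACS_APP_ID = "00000001-0000-0000-c000-000000000000"

# Issuer prefixes used by Azure AD v1 and v2 token endpoints.
AAD_ISSUER_PREFIXES = (
    "https://sts.windows.net/",
    "https://login.microsoftonline.com/",
)

# Constructed placeholder tenant (realm) for the sample tokens.
SAMPLE_REALM = "11111111-1111-1111-1111-111111111111"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict) -> str:
    """Build a constructed, unsigned-looking JWT for demonstration only.
    The signature segment is a placeholder and is never validated here."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2ln"


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS WITHOUT signature verification.
    Suitable for inventory of already-captured tokens, not for trust decisions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def classify_issuer(claims: dict) -> str:
    """Name the trust path that minted the token from its issuer claim."""
    iss = claims.get("iss", "")
    if iss.startswith(ACS_APP_ID + "@"):
        return "acs-app-only"          # SharePoint App-Only, bypasses Azure AD
    if iss.startswith(AAD_ISSUER_PREFIXES):
        return "azure-ad"              # Azure AD app registration
    return "unknown"


def client_of(claims: dict) -> str:
    """Extract the calling client's identifier for either trust path."""
    # ACS puts "<client-id>@<realm>" in nameid; Azure AD uses appid (v1) or azp (v2).
    if "nameid" in claims:
        return claims["nameid"].split("@", 1)[0]
    return claims.get("appid") or claims.get("azp") or ""


def audit_tokens(tokens):
    """Classify each token and record whether Azure AD Conditional Access
    for workload identities could have been evaluated for it."""
    findings = []
    for tok in tokens:
        claims = decode_claims(tok)
        kind = classify_issuer(claims)
        findings.append({
            "kind": kind,
            "client": client_of(claims),
            "conditional_access_applies": kind == "azure-ad",
        })
    return findings


def sample_tokens():
    """Two constructed tokens: one ACS App-Only, one Azure AD v1."""
    acs = make_token({
        "iss": f"{ACS_APP_ID}@{SAMPLE_REALM}",
        "aud": f"00000003-0000-0ff1-ce00-000000000000/contoso.sharepoint.com@{SAMPLE_REALM}",
        "nameid": f"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa@{SAMPLE_REALM}",
    })
    aad = make_token({
        "iss": f"https://sts.windows.net/{SAMPLE_REALM}/",
        "aud": "https://contoso.sharepoint.com",
        "appid": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
    })
    return [acs, aad]


if __name__ == "__main__":
    for f in audit_tokens(sample_tokens()):
        print(f)
```

Run over exported tokens (or the `iss`/`nameid`/`appid` fields already present in a log source), the report gives a first inventory of which callers authenticate outside Azure AD and therefore outside Conditional Access, which is the gap the post describes.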