In today's cloud-connected world, organizations rely heavily on SaaS applications to streamline operations and improve productivity. However, this has increased reliance on cloud services which exposes organizations to potential security threats. Among these threats are OAuth applications, which can be vulnerable due to insecure implementation, frequently misconfigured permissions, relying on user consent granting permissions to third-party apps and allowing lateral movement to bad actors that can lead to phishing.
App governance provides an essential layer of defense to help you to protect and improve the security posture of your OAuth enabled apps. Back in April, we announced that App governance will be included in Microsoft Defender for Cloud Apps, at no additional cost. We also did a walkthrough and overview of the features in our latest webinar.
Today, we will share how easy it is to deploy and the immediate value it provides in your SaaS Security strategy.
What are the benefits of App governance?
Visibility into suspicious app activities: Malicious OAuth applications can be used to spread spam and laterally move to gain further access to your environment. App governance helps prevent these types of attacks and others like consent phishing by giving you visibility into your connected apps, enabling you to detect and remediate any suspicious behavior or unauthorized apps.
Improving app compliance posture: App governance enables you to assess the compliance posture of apps in your environment. By providing insights into app permissions, usage, and risks, you can make informed decisions about which apps to allow or block. It also helps you to identify potential compliance issues that need to be addressed to enhance the overall compliance posture in your organization. Additionally, App governance integrates with Microsoft Purview Information Protection enabling you to maintain a unified compliance strategy across your applications and services.
How do I start using App governance?
App governance can be easily enabled in Microsoft 365 Defender. To opt-in, navigate to the Microsoft 365 Defender settings > Cloud Apps > App Governance > Service status > Enable “Use app governance” toggle bar. If you are using a trial license, then you will still need to follow these steps to continue using App governance.
Figure 1. How to opt-in to App Governance
Where do I start?
Once App governance is enabled, the best place to start is the dashboard. It provides an overview of your organization's connected apps, privilege levels, and usage patterns. The dashboard identifies the number of connected apps, high risk and overprivileged apps. It also provides information on data usage and sensitive labels accessed. The latest incidents section makes it easy and actionable for you to identify the latest threat detection and policy-based alerts in their environment.
Figure 2. App governance dashboard
The apps list shows you an overview of OAuth apps registered with Azure Active Directory in your environment, along with their registration data, privilege levels and usage data along with enriched app insights such as publisher name and certification status.
Figure 3. Apps list.
App governance will provide insights into anomalous behavior, the number of users, the volume of data transferred, sensitivity labels accessed by an app, permissions and latest activity. From all apps, select an app to see the insights.
Figure 4. App usage details.
How can I leverage the out of the box policies?
Once you enable App governance in your tenant, you automatically benefit from out of the box predefined policies. These policies enable you to monitor app behavior, detect anomalies, and take automated remediation actions. There will be no impact on your users after turning on App governance and enabling predefined policies unless the policy is set to “Disable app.”
Figure 5. App governance policies.
Lastly, App governance alerts are unified with Microsoft 365 Defender incidents and are correlated with other security workloads and suspicious activities in your environment.
Figure 6. Review Incidents.
App governance is an essential tool for organizations looking to safeguard their SaaS applications and maintain a robust security posture. With its ease of deployment, predefined policies, and comprehensive dashboard, it empowers you to detect and remediate malicious OAuth applications By providing visibility, insights, and automated remediation capabilities, App governance ensures that you stay ahead of potential threats and maintain a secure environment.
