Overview

Application Role Grant

The application role grant alert is triggered (as the name implies) when a new application role grant is given permission to access data within your tenancy.


Application Role Grant

  • Stop hidden file and email access
  • Monitor for changes
  • Be proactive
  • Review existing grants
  • Protect data
Evaluation and Reporting

Situations

Situations faced by the client

How is this check useful in the real world? For our example, let’s take Ken.

Problems Faced

Ken is browsing the internet and sees a great new feature that promises to help sort out his email faster. Ken clicks next a few times, then an approve button, and that’s it – this external application now has access to read Ken’s emails (and potentially write them, edit files, and perform a range of other functions).

We are hopeful that this application is ‘friendly’, but unfortunately not all of them are. Some of these applications can sit in the background and take complete copies of your data without you even realising.

If a user adds an application, we strongly recommend vetting it – and removing any unwanted or unneeded applications.

Solution

Identifying new application role grants quickly is time-critical. An unwanted application can silently read, and potentially even change, your data. This is a major security threat: once approved, an application will completely bypass multi-factor authentication (MFA).

Without attention, application role grants can remain running indefinitely.

Prevention

What are the main questions you should consider when working out how to manage this risk?

  • Do you have any system or solution in place to detect new Application Role Grants?
  • If one of your users was to add an Application Role Grant today, would you find out?
  • How long do you think it would take you to discover a newly added Application Role Grant?
  • Have you ever checked your system for Application Role Grants?
  • What would the impact be on your organisation if a user account was compromised with a malicious Application Role Grant for an extended period of time without detection?