may know, it’s possible for your users to sign-in to SaaS based applications
using their Azure AD account. By doing this, a Single Sign On (SSO) experience
is created for the user. Before this SSO for an SaaS based application is
possible though, the user needs to accept (a) permission request(s) from the
application allowing the application to access the users data on its users
behalf, even when the user is not using the application.
Added February 11th: Erik Loef pointed me to the following two interesting articles detailing on how oAuth can be used to exploit Office 365 environments. See:
has quietly introduced the option to automatically block connections to
unsanctioned cloud apps from the Microsoft Cloud App Security (MCAS) console.
This is accomplished by integrating MCAS with Microsoft Defender Advanced
Threat Protection (MDATP).
the information available in Cloud App Security, the app’s domains are used to
create domain indicators in the Microsoft Defender ATP portal. Within
Windows Defender the Exploit Guard Network Policy option is used to block the
access to the URLs. This will eventually result in the following notification
sent to the user.
blog post I will explain how to setup this functionality when Microsoft Intune
is used and what the behavior is within Windows 10. This assumes that you are
licensed for both MCAS and MDATP, in my case by using a Microsoft365 E5
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.