Introduction
This document describes how to discover and assess third-party applications connected to Microsoft 365 tenants via OAuth.
Overview
Third-Party Apps Discovery provides comprehensive insights into third-party applications, extensions, and plug-ins granted access to a Microsoft 365 (M365) tenant through OAuth. This feature enables identification of connected applications and understanding of authorized access scopes, including a risk score to highlight potentially risky permissions.
Importance
This feature enhances the ability to manage and secure M365 environments by providing visibility into third-party app connections and highlighting risky access scopes. It empowers informed decisions and proactive mitigation of potential security threats.
Risks of OAuth-Based Integrations
OAuth-based integrations improve productivity and streamline workflows but can pose significant security risks. Third-party apps often request various permissions or access scopes, ranging from basic read-only access to sensitive permissions allowing data modification or administrative control. Improper management of these permissions can expose the organization to data breaches, unauthorized access, and other vulnerabilities.
Risk Score Calculation
The system rates all authorization scopes as low, mid, or high risk based on potential impact. For example:
- Scopes granting access to basic user details are low risk.
- Scopes allowing data writing, editing, or configuration changes are high risk.
The highest risk level among all access scopes granted to an app is displayed. This approach ensures awareness of the most significant risks associated with each third-party application.
Accessing Third-Party Apps Discovery
To access this feature in the Umbrella dashboard, navigate to Reporting > Additional Reports > Third-Party Apps.
Additional Information
Refer to Umbrella documentation for guidance on using Third-Party Apps report:
Third Party Apps Report
Enable Cloud Access Security Broker for Microsoft 365 Tenants
Feedback