This type of phishing attack works in a specific way: users are easily tricked into providing access to their Microsoft 365 accounts. They end up granting permissions to malicious Microsoft 365 OAuth apps.
However, things are about to change drastically, as Microsoft reveals:
End users will no longer be able to consent to new multi-tenant apps registered after November 8th, 2020 coming from unverified publishers.
What are these new Microsoft 365 updates all about?
The three updates under discussion are designed to strengthen the security of the entire Microsoft 365 app ecosystem.
Their focus areas are blocking end-user consent to apps from unverified publishers, the general availability of publisher verification, and the availability of app consent policies.
For example, customers can manage settings for user consent by choosing from the following built-in app consent policies:
Moreover, when using Azure AD PowerShell, admins can set up custom app consent policies for more granular control.
Configuring the user consent settings through the Azure portal is simple too. As an admin, sign in to the Azure portal and open Azure Active Directory.
From there, choose Enterprise applications > Consent and permissions > User consent settings and select the desired consent setting for all users. Finally, select Save to keep the changes.
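For the custom app consent policies mentioned above, the following is an added example, not taken from the original article or from Microsoft. It assumes the AzureADPreview module and an admin account allowed to manage consent policies; the policy Id, display name and description are hypothetical.

```powershell
# Added example. The policy Id and its texts are hypothetical names.
Import-Module AzureADPreview
Connect-AzureAD

$policyId = "verified-low-risk-only"   # hypothetical Id

# 1. Create an empty custom app consent policy.
New-AzureADMSPermissionGrantPolicy `
    -Id $policyId `
    -DisplayName "Verified publishers, low-risk permissions" `
    -Description "Users may consent only to low-risk delegated permissions for apps from verified publishers."

# 2. Add an "includes" condition set. A consent request is allowed only if
#    it is for delegated permissions, every requested permission has been
#    classified as low risk by an admin, and the app's publisher is verified.
#    With no permissions classified as "low", this set matches nothing.
New-AzureADMSPermissionGrantConditionSet `
    -PolicyId $policyId `
    -ConditionSetType "includes" `
    -PermissionType "delegated" `
    -PermissionClassification "low" `
    -ClientApplicationsFromVerifiedPublisherOnly $true

# 3. Make the custom policy the one that governs end-user consent.
Set-AzureADMSAuthorizationPolicy `
    -Id "authorizationPolicy" `
    -PermissionGrantPolicyIdsAssignedToDefaultUserRole @("managePermissionGrantsForSelf.$policyId")

# 4. Read the configuration back to confirm what is now in effect.
Get-AzureADMSPermissionGrantConditionSet -PolicyId $policyId -ConditionSetType "includes"
(Get-AzureADMSAuthorizationPolicy).PermissionGrantPolicyIdsAssignedToDefaultUserRole
```

Any consent request that falls outside the condition set is no longer available to end users and has to go to an administrator.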