v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/microsoft365_compliance
Overview
4Dashboards
80Controls
21Queries
2Variables
GitHub

Control: 2.1 Ensure third party integrated applications are not allowed

Description

Do not allow third party integrated applications to connect to your services.

You should not allow third party integrated applications to connect to your services unless there is a very clear value and you have robust security controls in place. While there are legitimate uses, attackers can grant access from breached accounts to third party applications to exfiltrate data from your tenancy without having to maintain the breached account.

Remediation

To prohibit third party integrated applications, use the Microsoft 365 Admin Center:

  1. Select Admin Centers and Azure Active Directory.
  2. Select Users from the Azure navigation pane.
  3. Select Users settings.
  4. Set App registrations is set to No.
  5. Click Save.

Default Value: Yes

Usage

Run the control in your terminal:

powerpipe control run microsoft365_compliance.control.cis_v140_2_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run microsoft365_compliance.control.cis_v140_2_1 --share

SQL

This control uses a named query:

azuread_third_party_application_not_allowed

Tags

category = Compliance
cis = true
cis_item_id = 2.1
cis_level = 2
cis_section_id = 2
cis_type = manual
cis_version = v1.4.0
microsoft_365_license = E3
plugin = microsoft365
service = Azure/ActiveDirectory