turbot/microsoft365_compliance

Control: 2.1 Ensure third party integrated applications are not allowed

Description

Do not allow third party integrated applications to connect to your services.

You should not allow third party integrated applications to connect to your services unless there is a very clear value and you have robust security controls in place. While there are legitimate uses, attackers can grant access from breached accounts to third party applications to exfiltrate data from your tenancy without having to maintain the breached account.

Remediation

To prohibit third party integrated applications, use the Microsoft 365 Admin Center:

  1. Select Admin Centers and Azure Active Directory.
  2. Select Users from the Azure navigation pane.
  3. Select Users settings.
  4. Set App registrations is set to No.
  5. Click Save.

Default Value: Yes

Usage

Run the control in your terminal:

powerpipe control run microsoft365_compliance.control.cis_v150_2_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run microsoft365_compliance.control.cis_v150_2_1 --share

SQL

This control uses a named query:

azuread_third_party_application_not_allowed

Tags