Control: 2.1 Ensure third party integrated applications are not allowed
Description
Do not allow third party integrated applications to connect to your services.
You should not allow third party integrated applications to connect to your services unless there is a very clear value and you have robust security controls in place. While there are legitimate uses, attackers can grant access from breached accounts to third party applications to exfiltrate data from your tenancy without having to maintain the breached account.
Remediation
To prohibit third party integrated applications, use the Microsoft 365 Admin Center:
- Select
Admin CentersandAzure Active Directory. - Select
Usersfrom the Azure navigation pane. - Select
Users settings. - Set
App registrationsis set toNo. - Click
Save.
Default Value: Yes
Usage
Run the control in your terminal:
powerpipe control run microsoft365_compliance.control.cis_v140_2_1Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run microsoft365_compliance.control.cis_v140_2_1 --shareSQL
This control uses a named query:
select tenant_id || '/' || id as resource, case when not (default_user_role_permissions -> 'allowedToCreateApps')::bool then 'ok' else 'alarm' end as status, case when not (default_user_role_permissions -> 'allowedToCreateApps')::bool then tenant_id || ' has third party integrated applications not allowed.' else tenant_id || ' has third party integrated applications allowed.' end as reason , tenant_id as tenant_idfrom azuread_authorization_policy;