Detection and Response to Potentially Harmful Apps [CHK-1176]
This check identifies applications in your Microsoft 365 environment that are known to be used by cybercriminals.
Rationale
Cybercriminals often use registered applications in Microsoft 365 to maintain long-term access to an environment. These apps are frequently involved in cyber incidents such as Business Email Compromise (BEC) or CEO/Payment fraud.
Fix
An automated fix is available through Attic. It will be offered via a ticket in Attic, which you can accept.
To fix it yourself:
- Check whether the use of the app by the user in question is legitimate.
- If not: consider the account compromised, revoke all sessions, disable it, and investigate potential abuse before re-enabling it.
- If so: add the app to ignored apps in the Attic configuration so that no new alerts are triggered.
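The manual steps above can be carried out against the tenant with the Microsoft Graph PowerShell SDK. The script below is an added example, not code from Attic or from the Huntress repository: it lists every OAuth2 permission grant in the tenant, flags grants whose application ID appears on a watch list, and offers a containment function that revokes the consenting user's sessions, disables the account and removes the grant. The app IDs in `$KnownHarmfulAppIds` are placeholders (real identifiers come from your own watch list), `$IgnoredAppIds` stands in for the Attic ignored-apps configuration (whose format is not modelled here), and the function name `Invoke-GrantContainment` is this example's own.

```powershell
# Added example, not part of the Attic documentation or the Huntress repository.
# Requires the Microsoft.Graph PowerShell SDK and an account with the scopes below.

# PLACEHOLDER identifiers: substitute the app IDs from your actual watch list.
$KnownHarmfulAppIds = @(
    '00000000-0000-0000-0000-000000000001'   # placeholder, not a real app ID
    '00000000-0000-0000-0000-000000000002'   # placeholder, not a real app ID
)

# App IDs already verified as legitimate in this tenant (stands in for the
# Attic ignored-apps configuration; empty here).
$IgnoredAppIds = @()

Connect-MgGraph -Scopes 'Application.Read.All',
                        'DelegatedPermissionGrant.ReadWrite.All',
                        'User.ReadWrite.All' | Out-Null

# A grant references the service principal's object ID, not its app ID, so
# resolve each client once and cache the result.
$spCache = @{}
function Get-SpInfo([string]$ObjectId) {
    if (-not $spCache.ContainsKey($ObjectId)) {
        $spCache[$ObjectId] = Get-MgServicePrincipal -ServicePrincipalId $ObjectId `
            -Property 'AppId,DisplayName' -ErrorAction SilentlyContinue
    }
    return $spCache[$ObjectId]
}

# Step 1: find grants to watch-listed apps and who consented to them.
$findings = foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    $sp = Get-SpInfo $grant.ClientId
    if (-not $sp) { continue }                        # service principal already gone
    if ($sp.AppId -in $IgnoredAppIds) { continue }    # verified legitimate, no alert
    if ($sp.AppId -in $KnownHarmfulAppIds) {
        # ConsentType 'Principal' = one user consented (PrincipalId set);
        # 'AllPrincipals' = admin consent for the whole tenant (PrincipalId empty).
        $user = $null
        if ($grant.ConsentType -eq 'Principal') {
            $user = Get-MgUser -UserId $grant.PrincipalId `
                -Property 'UserPrincipalName' -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            GrantId     = $grant.Id
            AppId       = $sp.AppId
            AppName     = $sp.DisplayName
            ConsentType = $grant.ConsentType
            UserId      = $grant.PrincipalId
            User        = $user.UserPrincipalName
            Scopes      = $grant.Scope
        }
    }
}

$findings | Format-Table -AutoSize

# Step 2 ("If not" above): treat the account as compromised. Revoking sign-in
# sessions invalidates refresh tokens, disabling the account blocks new sign-ins,
# and removing the grant withdraws the app's delegated access. Without -Execute
# the function only prints what it would do, so findings can be reviewed first.
function Invoke-GrantContainment {
    param(
        [Parameter(Mandatory)] $Finding,
        [switch] $Execute
    )
    if (-not $Execute) {
        Write-Host ("Would revoke sessions for {0}, disable the account and remove grant {1} ({2})" -f
            $Finding.User, $Finding.GrantId, $Finding.AppName)
        return
    }
    if ($Finding.UserId) {
        Revoke-MgUserSignInSession -UserId $Finding.UserId | Out-Null
        Update-MgUser -UserId $Finding.UserId -AccountEnabled:$false
    }
    Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $Finding.GrantId
}

# Dry run over every finding; re-run with -Execute once legitimacy has been ruled out.
$findings | ForEach-Object { Invoke-GrantContainment -Finding $_ }
```

Tenant-wide (`AllPrincipals`) grants have no single consenting user, so for those the function only removes the grant; the admin who consented should be identified separately from the audit log. The account stays disabled until the investigation in the steps above is complete.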
Impact
Removing or ignoring unauthorized apps reduces the risk of cybercriminals gaining long-term access to your environment.
More Information
For more details, visit the Huntress GitHub repository.