[THEME] OAuth Apps
The OAuth Apps theme controls how third-party applications can access your Microsoft 365 environment. OAuth apps are programs that gain access to the Microsoft cloud on behalf of users, and without proper controls, they can be a significant security risk.
What does Attic do?
Attic monitors application consent settings and detects potentially malicious or overprivileged applications in your tenant.
The checks in this theme cover:
- Whether users can register applications themselves
- Whether user consent policies are configured to limit which apps users can approve
- Detection of suspicious admin consent grants
- Whether the admin consent workflow is enabled, so that consent requests go through an approval process
- Monitoring of app registration secrets for expiry
- Review of app registration certificates, including their expiry
- Detection of rogue or unauthorized applications
Why is this important?
Malicious OAuth apps are increasingly used by attackers to gain persistent access to cloud environments. A user who grants consent to a malicious app unknowingly gives an attacker access to their email, files, and contacts, and because that access is tied to the app's consent grant rather than to the user's password, resetting the password does not revoke it. By restricting consent policies and monitoring app registrations, you prevent unauthorized applications from accessing your organization's data.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1120 | Limit App-registrations to admins |
| CHK-1128 | App consent policy |
| CHK-1138 | New app-consent by admin |
| CHK-1146 | App-consent via Admin |
| CHK-1162 | App Secret expires |
| CHK-1163 | App Certificate expires |
| CHK-1176 | Detection of potentially harmful apps |
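The checks listed above, as an added illustration (this is example code written for this page, not Attic's implementation): each function evaluates one of the settings in the table against data in the shape Microsoft Graph returns for `authorizationPolicy`, `adminConsentRequestPolicy`, `applications` and `oauth2PermissionGrants`. The sample objects, ids and application names are constructed placeholders, the `HIGH_RISK_SCOPES` list and the 30-day expiry window are assumptions, and the mapping of functions to CHK numbers is approximate. A weak `authorizationPolicy` is shown beside a hardened one so the difference the checks look for is visible.

```python
from datetime import datetime, timedelta, timezone

# Delegated scopes treated as high impact when granted tenant-wide.
# This list is an assumption for the example, not Attic's own list.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "Directory.ReadWrite.All", "offline_access",
}

# Constructed sample data in the shape Microsoft Graph returns
# (GET /policies/authorizationPolicy, /policies/adminConsentRequestPolicy,
#  /applications, /oauth2PermissionGrants). All ids are placeholders.
WEAK_AUTHZ_POLICY = {
    "defaultUserRolePermissions": {
        "allowedToCreateApps": True,  # any user may register an app
        "permissionGrantPoliciesAssigned": [
            "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"  # users may consent to any app
        ],
    }
}
HARDENED_AUTHZ_POLICY = {
    "defaultUserRolePermissions": {
        "allowedToCreateApps": False,
        "permissionGrantPoliciesAssigned": [
            "ManagePermissionGrantsForSelf.microsoft-user-default-low"  # verified publishers, low-risk scopes only
        ],
    }
}
ADMIN_CONSENT_REQUEST_POLICY = {"isEnabled": False, "notifyReviewers": True, "reviewers": []}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible
APPLICATIONS = [
    {"displayName": "HR Sync", "appId": "00000000-0000-0000-0000-000000000001",
     "passwordCredentials": [{"keyId": "sec-1", "endDateTime": "2024-06-11T00:00:00Z"}],
     "keyCredentials": [{"keyId": "cert-1", "endDateTime": "2025-06-01T00:00:00Z"}]},
    {"displayName": "Legacy Reporting", "appId": "00000000-0000-0000-0000-000000000002",
     "passwordCredentials": [{"keyId": "sec-2", "endDateTime": "2024-05-01T00:00:00Z"}],
     "keyCredentials": []},
]
GRANTS = [
    {"clientId": "sp-mailtool", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph", "scope": "User.Read Mail.Read offline_access"},
    {"clientId": "sp-calendar", "consentType": "Principal", "principalId": "user-1",
     "resourceId": "sp-graph", "scope": "Calendars.Read"},
    {"clientId": "sp-profile", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph", "scope": "User.Read"},
]


def check_app_registration(authz_policy):
    """Pass when ordinary users cannot register applications (cf. CHK-1120)."""
    return not authz_policy["defaultUserRolePermissions"]["allowedToCreateApps"]


def check_user_consent_policy(authz_policy):
    """Pass unless the legacy grant policy (consent to any app) is assigned (cf. CHK-1128)."""
    policies = authz_policy["defaultUserRolePermissions"]["permissionGrantPoliciesAssigned"]
    return not any(p.endswith("microsoft-user-default-legacy") for p in policies)


def check_admin_consent_workflow(request_policy):
    """Pass when the admin consent request workflow is switched on (cf. CHK-1146)."""
    return bool(request_policy.get("isEnabled"))


def expiring_credentials(applications, now=NOW, within_days=30):
    """Secrets and certificates that are expired or expire inside the window (cf. CHK-1162/1163)."""
    horizon = now + timedelta(days=within_days)
    findings = []
    for app in applications:
        for kind, field in (("secret", "passwordCredentials"), ("certificate", "keyCredentials")):
            for cred in app.get(field, []):
                end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
                if end <= horizon:
                    findings.append({"app": app["displayName"], "kind": kind,
                                     "keyId": cred["keyId"], "expired": end <= now})
    return findings


def suspicious_admin_grants(grants):
    """Tenant-wide (AllPrincipals) grants that carry high-risk scopes (cf. CHK-1138/1176)."""
    flagged = []
    for g in grants:
        if g["consentType"] != "AllPrincipals":
            continue  # per-user grants are a separate review
        risky = sorted(set(g["scope"].split()) & HIGH_RISK_SCOPES)
        if risky:
            flagged.append({"clientId": g["clientId"], "riskyScopes": risky})
    return flagged


def run_all(authz_policy=WEAK_AUTHZ_POLICY):
    """Evaluate every check against the sample tenant data."""
    return {
        "app_registration_restricted": check_app_registration(authz_policy),
        "user_consent_restricted": check_user_consent_policy(authz_policy),
        "admin_consent_workflow": check_admin_consent_workflow(ADMIN_CONSENT_REQUEST_POLICY),
        "expiring_credentials": expiring_credentials(APPLICATIONS),
        "suspicious_admin_grants": suspicious_admin_grants(GRANTS),
    }


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name}: {result}")
```

Against the weak policy the first three checks fail, the 30-day window reports the `HR Sync` secret as expiring soon and the `Legacy Reporting` secret as already expired, and the only tenant-wide grant flagged is the one carrying mail and refresh-token scopes; the `User.Read`-only grant is not flagged because its impact is low. Passing `HARDENED_AUTHZ_POLICY` to `run_all` shows the configuration the checks are asking for.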