home.social

#enterprise-apps โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #enterprise-apps, aggregated by home.social.

fetched live
  1. ๐๐ฅ๐จ๐œ๐ค๐ข๐ง๐  ๐ฎ๐ฌ๐ž๐ซ ๐œ๐จ๐ง๐ฌ๐ž๐ง๐ญ ๐ญ๐จ ๐Œ๐ข๐œ๐ซ๐จ๐ฌ๐จ๐Ÿ๐ญ ๐„๐ง๐ญ๐ซ๐š ๐ˆ๐ƒ ๐ž๐ง๐ญ๐ž๐ซ๐ฉ๐ซ๐ข๐ฌ๐ž ๐š๐ฉ๐ฉ๐ฌ

    Microsoft Entra ID is primarily an identity system for Microsoft applications and services. However, you can also integrate other applications and services with Microsoft Entra ID. And itโ€™s even highly recommended, because you get single sign-on using corporate identity, you donโ€™t have to maintain another separate user account system, you have the ability to apply conditional access policies to these external applications and services, etc.

    But the problem is that by default, even a regular user can give consent to an external application to access Microsoft Entra ID and other services tied to it. This is very risky as it can lead to leakage of sensitive internal information as such applications can have arbitrary permissions that the user gives the application access to.

    ๐Ÿ“บ Watch my YouTube video bellow on how to block user consent to Enterprise Apps in Microsoft Entra ID ๐Ÿ‘‡ ๐Ÿ‘‡
    youtu.be/Ht-zcZt9nzM

    #cswrld #entraid #enterpriseapps #userconsent #block

  2. ๐๐ฅ๐จ๐œ๐ค๐ข๐ง๐  ๐ฎ๐ฌ๐ž๐ซ ๐œ๐จ๐ง๐ฌ๐ž๐ง๐ญ ๐ญ๐จ ๐Œ๐ข๐œ๐ซ๐จ๐ฌ๐จ๐Ÿ๐ญ ๐„๐ง๐ญ๐ซ๐š ๐ˆ๐ƒ ๐ž๐ง๐ญ๐ž๐ซ๐ฉ๐ซ๐ข๐ฌ๐ž ๐š๐ฉ๐ฉ๐ฌ

    Microsoft Entra ID is primarily an identity system for Microsoft applications and services. However, you can also integrate other applications and services with Microsoft Entra ID. And itโ€™s even highly recommended, because you get single sign-on using corporate identity, you donโ€™t have to maintain another separate user account system, you have the ability to apply conditional access policies to these external applications and services, etc.

    But the problem is that by default, even a regular user can give consent to an external application to access Microsoft Entra ID and other services tied to it. This is very risky as it can lead to leakage of sensitive internal information as such applications can have arbitrary permissions that the user gives the application access to.

    ๐Ÿ“บ Watch my YouTube video bellow on how to block user consent to Enterprise Apps in Microsoft Entra ID ๐Ÿ‘‡ ๐Ÿ‘‡
    youtu.be/Ht-zcZt9nzM

    #cswrld #entraid #enterpriseapps #userconsent #block

  3. ๐ƒ๐ˆ๐…๐…๐„๐‘๐„๐๐‚๐„ ๐๐„๐“๐–๐„๐„๐ ๐„๐๐“๐„๐‘๐๐‘๐ˆ๐’๐„ ๐€๐๐๐’ ๐€๐๐ƒ ๐€๐๐ ๐‘๐„๐†๐ˆ๐’๐“๐‘๐€๐“๐ˆ๐Ž๐๐’ ๐ˆ๐ ๐Œ๐ˆ๐‚๐‘๐Ž๐’๐Ž๐…๐“ ๐„๐๐“๐‘๐€ ๐ˆ๐ƒ

    In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators donโ€™t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

    ๐Ÿ“บ Watch my YouTube video bellow ๐Ÿ‘‡ ๐Ÿ‘‡
    youtu.be/4ljbruQOOiI

    #cswrld #videotutorial #entraid #enterpriseapps #appregistrations

  4. ๐ƒ๐ˆ๐…๐…๐„๐‘๐„๐๐‚๐„ ๐๐„๐“๐–๐„๐„๐ ๐„๐๐“๐„๐‘๐๐‘๐ˆ๐’๐„ ๐€๐๐๐’ ๐€๐๐ƒ ๐€๐๐ ๐‘๐„๐†๐ˆ๐’๐“๐‘๐€๐“๐ˆ๐Ž๐๐’ ๐ˆ๐ ๐Œ๐ˆ๐‚๐‘๐Ž๐’๐Ž๐…๐“ ๐„๐๐“๐‘๐€ ๐ˆ๐ƒ

    In Microsoft Entra ID, there are Enterprise Apps and App Registrations. Many administrators donโ€™t know the difference between the two and confuse the two important concepts. But there is a major difference between them, and it is good to know it.

    ๐Ÿ“บ Watch my YouTube video bellow ๐Ÿ‘‡ ๐Ÿ‘‡
    youtu.be/4ljbruQOOiI

    #cswrld #videotutorial #entraid #enterpriseapps #appregistrations

  5. Should users have the right to #consent for #EnterpriseApps in #AzureAD? By default, user consent is enabled.

    In one of my previous posts, I talked about Enterprise apps and their permissions. There is a significant risk of abuse with Enterprise apps - Illicit Consent Grants learn.microsoft.com/en-us/micr. That risk is very real and very often attackers target user consent.

    Therefore, end users should definitely not be able to give consent. The administrator should only do this. Therefore, it is recommended to disable user consent in the Azure AD Enterprise apps settings, or only allow consent for so-called low impact permissions for apps from verified publishers.

    Personally, however, I would disable user consent altogether. Users can be allowed to request admin consent, so if a user has a legitimate reason to use an app, they can request admin consent and the admin can approve the request after review.