Azure AD employs OAuth 2.0 to enable app users to sign in and grant permissions to access web servers, APIs, and Microsoft Graph. The OAuth 2.0 client credentials grant type is used when the client application needs to authenticate itself to prove its own identity, rather than acting on behalf of a user.
To manage OAuth application permissions in Azure AD, here’s a quick overview of the steps:
- Navigate to the Azure portal and find the Azure Active Directory.
- Choose ‘App Registrations’ and select your application.
- Go to ‘API permissions’ and add a new permission.
- Locate and select your API and choose the appropriate permission.
Example:
az ad app permission list --id MY-APP-CLIENT-ID
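The permissions listed by the command above come back as JSON, one entry per resource API, with each permission typed as delegated ("Scope") or application ("Role"). This added example (not part of the original page) parses that output and flags the application permissions, which act without a signed-in user and always need admin consent; the permission IDs are placeholders and the sample JSON is constructed inline.

```python
import json

# Well-known application ID of the Microsoft Graph API (assumed resource here).
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# Constructed sample in the shape `az ad app permission list -o json` prints:
# one entry per resource API; each permission is delegated ("Scope") or
# application ("Role"). Permission IDs are placeholders, not real Azure AD IDs.
SAMPLE_PERMISSIONS_JSON = """[
  {"resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [
     {"id": "PLACEHOLDER-ID-USER-READ", "type": "Scope"},
     {"id": "PLACEHOLDER-ID-MAIL-READWRITE", "type": "Role"}]},
  {"resourceAppId": "PLACEHOLDER-CUSTOM-API-APP-ID",
   "resourceAccess": [
     {"id": "PLACEHOLDER-ID-CUSTOM-SCOPE", "type": "Scope"}]}
]"""

def classify_permissions(entries):
    """Split requested permissions into delegated (act as the signed-in user)
    and application (act with no user, e.g. under the client credentials grant).
    Returns {"delegated": [...], "application": [...]} of (resourceAppId, id)."""
    result = {"delegated": [], "application": []}
    for entry in entries:
        resource = entry.get("resourceAppId", "")
        for access in entry.get("resourceAccess", []):
            kind = access.get("type")
            if kind == "Scope":
                result["delegated"].append((resource, access["id"]))
            elif kind == "Role":
                result["application"].append((resource, access["id"]))
            else:
                raise ValueError(f"unexpected permission type {kind!r}")
    return result

def audit_from_json(text):
    """Parse `az ad app permission list -o json` output and summarise what an
    admin should review: application permissions always need admin consent."""
    classified = classify_permissions(json.loads(text))
    graph_app_perms = [pid for res, pid in classified["application"]
                       if res == MS_GRAPH_APP_ID]
    return {
        "delegated_count": len(classified["delegated"]),
        "application_count": len(classified["application"]),
        "graph_application_permissions": graph_app_perms,
        "needs_admin_review": bool(classified["application"]),
    }

if __name__ == "__main__":
    print(json.dumps(audit_from_json(SAMPLE_PERMISSIONS_JSON), indent=2))
```

Pipe real output in with `az ad app permission list --id <APP-ID> -o json | python audit.py` after replacing the sample constant with `sys.stdin.read()`.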
Managing Microsoft Defender for Cloud Apps and OAuth Application Requests
MS Defender for Cloud Apps also enables you to control OAuth apps in your cloud environment by offering visibility into the apps authorized via OAuth.
To manage OAuth applications in MS Defender for Cloud Apps, follow these steps:
- Open the portal and navigate to the ‘OAuth Apps’ option under ‘Investigate’.
- You’ll see all the OAuth applications with access to your cloud environment and their related risks.
- For high-risk apps, choose deactivate, and the app gets banned.
Microsoft 365 Defender
Similarly, Microsoft 365 Defender aids in managing OAuth application permissions authorized to access the user’s account.
To manage OAuth applications in Microsoft 365 Defender:
- Open MS 365 security center and navigate to ‘Alert policy.’
- Click on ‘OAuth App access policy.’
- From here on, you can govern which apps can access the organizational data.
To manage OAuth applications via PowerShell (MSOnline module, after Connect-MsolService), here is example code to get client credential details; replace the placeholder with the service principal's name:
# Get client credential details for a service principal
Get-MsolServicePrincipalCredential -ServicePrincipalName "<SERVICE-PRINCIPAL-NAME>"
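Once the credential details are exported, the practical check is whether any client secret or certificate is expired, about to expire, or was issued with an unreasonably long lifetime. This added example (not from the original page) runs that review over constructed records that mirror the KeyId, Type, StartDate and EndDate fields of the cmdlet's output; it assumes the dates were exported as ISO-8601 UTC strings and uses a fixed "today" so the result is deterministic.

```python
from datetime import datetime, timedelta, timezone

# Fixed "today" so the example is deterministic (constructed value).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed records mirroring the KeyId/Type/StartDate/EndDate fields that
# Get-MsolServicePrincipalCredential returns; all values are placeholders.
SAMPLE_CREDENTIALS = [
    {"KeyId": "PLACEHOLDER-KEY-1", "Type": "Password",
     "StartDate": "2024-05-01T00:00:00Z", "EndDate": "2024-06-10T00:00:00Z"},
    {"KeyId": "PLACEHOLDER-KEY-2", "Type": "Password",
     "StartDate": "2022-01-01T00:00:00Z", "EndDate": "2024-01-01T00:00:00Z"},
    {"KeyId": "PLACEHOLDER-KEY-3", "Type": "Asymmetric",
     "StartDate": "2024-01-01T00:00:00Z", "EndDate": "2027-01-01T00:00:00Z"},
]

def _parse(ts):
    """Parse the ISO-8601 UTC timestamps used in the exported records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def review_credentials(creds, now=NOW, warn_days=30, max_lifetime_days=365):
    """Return (KeyId, finding) pairs for credentials that are already expired,
    expire within warn_days, or were issued with a lifetime longer than
    max_lifetime_days (a long-lived secret stays usable long after a leak)."""
    findings = []
    for cred in creds:
        start, end = _parse(cred["StartDate"]), _parse(cred["EndDate"])
        if end <= now:
            findings.append((cred["KeyId"], "expired"))
        elif end - now <= timedelta(days=warn_days):
            findings.append((cred["KeyId"], "expiring-soon"))
        if end - start > timedelta(days=max_lifetime_days):
            findings.append((cred["KeyId"], "lifetime-too-long"))
    return findings

if __name__ == "__main__":
    for key_id, finding in review_credentials(SAMPLE_CREDENTIALS):
        print(f"{key_id}: {finding}")
```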
Summary
Whatever the platform may be – Azure AD, Microsoft Defender for Cloud Apps, or MS 365 Defender – managing OAuth application requests is crucial for safeguarding your assets from unauthorized access and potential risks. Understanding and deploying the right methods to monitor and control OAuth app access can go a long way in ensuring your digital environment’s security. By focusing on these areas, candidates preparing for the MS-100 Microsoft 365 Identity and Services Exam can better understand the management of OAuth application requests across these platforms.
Practice Test
True or False: OAuth is a protocol that lets external apps request authorization to private details in a user’s Microsoft account without getting their password.
- Answer: True
Explanation: OAuth enables apps to get limited access to a user’s account without sharing the actual password. It is used to communicate between the client (who is requesting the access) and the Microsoft account.
Multiple Choice: Which of the following are scopes of OAuth permissions in Azure Active Directory?
- a) Delegated
- b) Applications
- c) Consent
- d) Access
Answer: a) Delegated, b) Applications
Explanation: Delegated and Application are two scopes of OAuth permissions. The former represents the permissions that the user has in the resource domain, while the latter represents the permissions that are consistent regardless of who is using the application.
True or False: Microsoft Defender for Cloud Apps cannot identify authorized and unauthorized OAuth applications.
- Answer: False
Explanation: Microsoft Defender for Cloud Apps utilizes API connectors to provide visibility into your cloud apps, including identifying both authorized and unauthorized OAuth applications.
Multiple Choice: Which component of Azure AD handles OAuth 2.0 requests?
- a) Application Gateway
- b) Azure Traffic Manager
- c) Azure Active Directory B2C
- d) Azure Active Directory B2B
Answer: c) Azure Active Directory B2C
Explanation: Azure Active Directory B2C is an identity management service that enables custom control of how your customers sign up, sign in, and manage their profiles when using your applications.
True or False: Azure AD’s consent framework doesn’t allow the user or admin to grant consent for an app, which eliminates unwarranted access to any other resources.
- Answer: False
Explanation: Azure AD’s consent framework allows the user or admin to grant consent for an app to access other resources on its behalf.
Multiple Choice: What does Microsoft 365 Defender use to protect organizations?
- a) Threat intelligence
- b) Real-time analytics
- c) Automation
- d) All of the above
Answer: d) All of the above
Explanation: Microsoft 365 Defender utilizes threat intelligence, real-time analytics, and automation to protect organizations.
True or False: In Microsoft 365 Defender, OAuth app policies can alert admins about potentially risky OAuth applications.
- Answer: True
Explanation: Yes, one of the features of Microsoft 365 Defender is allowing admins to set up OAuth app policies, which can raise alerts about potentially risky OAuth applications.
Multiple Choice: OAuth app publisher verification in Azure Active Directory helps to ___.
- a) Increase trust in application’s identity
- b) Validate domain registration
- c) Establish authenticity of the app
- d) All of the above
Answer: d) All of the above
Explanation: App publisher verification in Azure Active Directory helps increase trust in the application’s identity, by validating the domain registration and establishing the app’s authenticity.
True or False: OAuth lets an application gain access to resources only from Microsoft.
- Answer: False
Explanation: OAuth is an open standard authorization protocol that allows applications to gain access to resources from all sorts of providers, not just Microsoft.
Multiple Choice: What is the main function of Microsoft Defender for Cloud Apps?
- a) Monitoring use of Cloud apps
- b) Identifying potential threats
- c) OAuth application management
- d) All of the above
Answer: d) All of the above
Explanation: Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics.
Interview Questions
What is OAuth in the context of Azure AD?
OAuth is an open standard for access delegation, used as a way for Internet users to grant websites or applications access to their information on other websites without giving them their passwords.
How do you create an OAuth 2.0 application in Azure AD?
To create a new OAuth 2.0 application in Azure AD, you first go to the Azure Active Directory admin center, select “App Registrations” and click on “New Registration”. You then provide a name for the app and define the supported account types and the Redirect URI (if applicable). After that, the app registration process generates a new Application (client) ID for the app.
What is the role of Microsoft Defender for Cloud Apps in managing OAuth applications?
Microsoft Defender for Cloud Apps acts as a control point for data travelling in the cloud. It can detect unusual behavior, violations or malicious activity within the application. It also provides a centralized interface to set and manage security policies.
What is the function of Microsoft 365 Defender in managing OAuth applications?
Microsoft 365 Defender helps detect, investigate and respond to advanced threats, compromised identities and insider actions across your on-premises and cloud environments.
Why do you need to use OAuth in Azure AD applications?
OAuth is used to authorize access to resources in Azure AD applications without sharing the actual credentials. It is especially useful for scenarios where you want to provide third-party applications access to your resources.
How can you secure OAuth 2.0 applications in Azure AD?
OAuth 2.0 applications can be secured in Azure AD using several methods such as applying Conditional Access policies, enabling multi-factor authentication (MFA), and using secure tokens for communication.
How do you authenticate an OAuth 2.0 application in Azure AD?
This is typically done using client credentials (client id and client secret) or certificates as proof of the application’s identity.
How does Microsoft Defender for Cloud Apps enhance security for OAuth applications?
Microsoft Defender for Cloud Apps provides threat protection for your cloud applications, offering risk assessments, data control and threat detection capabilities, thereby enhancing the overall security for OAuth applications.
How can Microsoft 365 Defender improve security in the OAuth application management process?
Microsoft 365 Defender offers advanced threat detection and response mechanisms, which can be used to proactively manage and mitigate threats in the OAuth application management process.
What is the Azure AD Consent Framework?
The Azure AD consent framework is a set of capabilities and safeguards in Azure AD that enable users to grant third-party applications access to their data, with full control and visibility, and minimize risks of unauthorized access.
How can you monitor OAuth application requests in Azure AD?
In Azure AD, you can monitor OAuth application requests by using Azure AD reports and the monitoring tools available in Azure Monitor.
How can you revoke an OAuth application in Azure AD?
An OAuth application in Azure AD can be revoked by an administrator, or a user can revoke their own consent via their account settings.
What is the connection between OAuth and Microsoft 365 Defender?
OAuth is an authentication protocol used by Azure AD applications, while Microsoft 365 Defender is a security solution designed to protect against threats across Microsoft 365 products. So, OAuth is utilized to manage and secure access, while Microsoft 365 Defender safeguards the entire Microsoft 365 ecosystem, including OAuth applications.
How can you manage app permissions in Azure AD OAuth?
You can manage app permissions in Azure AD OAuth through consent requests. Users or administrators can consent to the permissions that an app requests, or administrators can limit what permissions users can consent to.
What are Scopes in OAuth application in Azure AD?
Scopes in an OAuth application represent permissions that the application needs. They are included in authorization requests and are used by Azure AD to limit what resources an app has access to.