The easiest place to get the broadest view of all of your applications and permissions is in the Azure AD portal. You’ve already seen how to create applications and manage permissions, so this process will be very familiar:
- Navigate to the Azure portal (https://portal.azure.com) and navigate to Azure Active Directory | Enterprise applications.
- Under Manage, select All applications.
- Select an application to examine the permissions and consent information.
Figure 9.9 – Enterprise applications page
- Under Security, select Permissions.
- Click an individual permission to review the details, as shown in Figure 9.10.
Figure 9.10 – Reviewing an individual application permission
You can also click the Review permissions button at the top of the application’s Permissions page to get helpful tips for reviewing an application’s permissions.
Figure 9.11 – Reviewing permissions
Next, we’ll look at Microsoft 365 Defender.
Reviewing the Microsoft 365 Defender portal
You can start reviewing OAuth application information in the Microsoft 365 Defender portal (https://security.microsoft.com) under Cloud apps | OAuth apps, as shown in Figure 9.12:
Figure 9.12 – Viewing OAuth apps in Microsoft 365 Defender Security Center
If your organization has not yet configured any apps, you can use the interface to connect to your existing SaaS app deployments and review the alerts and logs that are generated.
If you have connected your applications, you will see data show up as access and authorization requests are retrieved from the Azure AD logs.
Figure 9.13 – Manage OAuth apps in the Microsoft 365 Defender portal
Microsoft Defender for Cloud Apps provides a number of additional features, such as being able to identify and filter logs, review the security profile of connected applications, and even create alerts and remediation rules.
Next, we’ll shift gears and look at the features of Azure AD Application Proxy.