Guest contributor
Application governance is a critical aspect of an organisation’s cloud security strategy, yet it often takes a backseat due to a lack of understanding and time constraints. According to data from the US Secret Service, the current global daily losses from business email compromise attacks are estimated at approximately $8 million, and it only takes one user account granting consent to a malicious application to result in the unauthorised extraction of data residing in Microsoft 365.
When it comes to Microsoft Entra ID (formerly Azure Active Directory), teams must understand key concepts such as tenants, application registrations, enterprise applications and consent, as well as how everything works together, to develop a strong security strategy. Organisations must also know how to implement these strategies or they risk exposure to substantial data breaches and financial losses.
Entra ID is a cloud-based platform that serves as the directory and identity management service for various Microsoft services. An Entra ID tenant is a unique instance containing user accounts, groups, devices and applications. Playing a pivotal role in authentication and authorisation, Entra ID enables single sign-on through enterprise applications (for example, Salesforce and Workday) and application registrations.
Without a deep knowledge of Entra ID and identity management principles, many teams are unsure where to start with securing their Entra ID tenant. Some application programming interface permissions needed for application registrations are sweeping; the default Entra ID settings permit end users to consent to applications without oversight, potentially leading to over-permissioned grants and security vulnerabilities. Meanwhile, admin consent allows broader access beyond the scope of individual users, posing security risks. Understanding and managing consent is vital to prevent unauthorised access and data breaches.
ENow has used the expertise it has honed during 19 years of assisting global organisations with Microsoft unified collaboration tools and Active Directory to create a free tool to simplify application governance.
With input from experienced Microsoft security Most Valuable Professionals, ENow developed a scoring system incorporating Microsoft-recommended identity practices to give companies a realistic view of their current Entra ID application governance state.
The ENow AppGov Score assessment tool includes more than 24 checks that cover enterprise applications, application registrations and tenant settings. It helps identity teams to improve their security posture by minimising potential attack patterns, configuring application settings correctly and restricting access appropriately.
Highlighting the gaps in an organisation’s application governance policy, ENow’s tool and report outline remediation areas, saving hours of manual work, so identity teams can swiftly improve their tenants’ cloud security posture.
Organisations can obtain their free AppGov Score and Application Governance Assessment report at:
www.appgovscore.com
Jay Paul Gundotra is the technical founder and CEO of ENow Software
This article was originally published in the Winter 2023 issue of Technology Record.