Principle of least privilege

The information security principle of least privilege asserts that users and applications should be granted access only to the data and operations they require to perform their jobs.

Follow the guidance here to help reduce the attack surface of an application and the impact of a security breach (the blast radius) should one occur in a Microsoft identity platform-integrated application.

Recommendations at a glance:

- Prevent overprivileged applications by revoking unused and reducible permissions.
- Use the identity platform's consent framework to require that a human consent to the request from the application to access protected data.
- Build applications with least privilege in mind during all stages of development.
- Audit the deployed applications periodically to identify the ones that are overprivileged.

Overprivileged applications

Any application that's been granted an unused or reducible permission is considered overprivileged. Unused and reducible permissions have the potential to provide unauthorized or unintended access to data or operations not required by the application or its users to perform their jobs. Avoid the security risks posed by unused and reducible permissions by granting only the appropriate permissions. The appropriate permissions are the ones with the least-permissive access required by an application or user to perform their required tasks.

Unused permissions

An unused permission is a permission that's been granted to an application but whose API or operation exposed by that permission isn't called by the application when used as intended.

Example: An application displays a list of files stored in the signed-in user's OneDrive by calling the Microsoft Graph API using the Files.Read permission. However, the application has also been granted the Calendars.Read permission, yet it provides no calendar features and doesn't call the Calendars API.

Security risk: Unused permissions pose a horizontal privilege escalation security risk. An entity that exploits a security vulnerability in the application could use an unused permission to gain access to an API or operation not normally supported or allowed by the application when it's used as intended.

Mitigation: Remove any permission that isn't used in API calls made by the application.

Reducible permissions

A reducible permission is a permission that has a lower-privileged counterpart that would still provide the application and its users the access they need to perform their required tasks.

Example: An application displays the signed-in user's profile information by calling the Microsoft Graph API, but doesn't support profile editing. However, the application has been granted a more permissive permission. That permission is considered reducible here because the less permissive permission grants sufficient read-only access to user profile data.

Security risk: Reducible permissions pose a vertical privilege escalation security risk. An entity that exploits a security vulnerability in the application could use the reducible permission for unauthorized access to data or to perform operations not normally allowed by that role of the entity.

Mitigation: Replace each reducible permission in the application with its least-permissive counterpart that still enables the intended functionality of the application.

Use consent to control access to data

Most applications require access to protected data, and the owner of that data needs to consent to that access. Consent can be granted in several ways, including by a tenant administrator who can consent for all users in an Azure AD tenant, or by the application users themselves who can grant access.

Whenever an application that runs on a device requests access to protected data, the application should ask for the consent of the user before access to the protected data is granted. The user is required to grant (or deny) consent for the requested permission before the application can progress.

Least privilege during application development

The security of an application and the user data that it accesses is the responsibility of the developer.

Adhere to these guidelines during application development to help avoid making it overprivileged:

- Fully understand the permissions required for the API calls that the application needs to make.
- Understand the least privileged permission for each API call that the application needs to make, using Graph Explorer.