Manage OAuth apps using Office 365 Cloud App Security
People love apps and they download them often, especially apps that people think will save time by making it easier to get at their work or school information. However, some apps could potentially be a security risk to your organization, depending on what information they access and how they handle that information. With Office 365 Cloud App Security, if you are a global or security administrator, you can manage OAuth apps for your organization. You can see the apps people are using with Office 365 data, what permissions those apps have, and more.
This article describes where to go to manage OAuth apps, how to approve, ban, or report an app, and how to create an app query.
How to find the Manage OAuth apps page
OAuth apps are managed in the Office 365 Cloud App Security portal. You must be a global administrator or security administrator to perform the following task. To learn more, see Permissions in the Office 365 Security & Compliance Center.
Go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)
Go to Alerts > Manage advanced alerts.
Click (or tap) Go to Office 365 Cloud App Security.
NOTE: If Office 365 Cloud App Security is not turned on yet, you can do that on this page. See Get ready for Office 365 Cloud App Security.
Choose Investigate > OAuth apps.
What you'll see on the Manage OAuth apps page
The following table describes the controls and options available on the Manage OAuth apps page.
| Basic icon in the app query bar | Select this to switch to the Advanced view. (If you see Basic, you are using the Advanced view.) |
| Advanced icon in the app query bar | Select this to switch to the Basic view. (If you see Advanced, you are using the Basic view.) |
| Open or close all details icon in the app list | Select this icon to view more or fewer details about each app. |
| Export icon in the app list | Select this icon to export a CSV file that contains a list of apps, number of users for each app, permissions associated with the app, permissions level, app state, and community use level. |
| | Use this to see the name of an app. Select the name to view more information, such as its description, publisher, app website and app ID. |
| | Use this to see how many users have authorized an app to access their Office 365 account. Select the number to view more information, such as a list of user accounts. |
| | Use this to see how much access an app has to Office 365 data. Permissions levels indicate Low, Medium, or High, where Low might indicate that the app only accesses a user's profile and name. Select the level to view more information, such as permissions granted to the app, community use, and related activity in the Governance log. |
| | Use this to see the date and time an OAuth app was last authorized to access your organization's Office 365 data. |
| | Use this to see or to mark an app as Approved or Banned, report an OAuth app to Microsoft, or leave it as undetermined. |
Mark an app as approved
On the Manage OAuth apps page, locate the app you want to approve, and choose the Mark app as approved icon.
The icon turns green, and the app is approved for all your Office 365 users.
When you mark an app as approved, there is no effect on the end user. Visually marking the apps that are approved helps to separate them from apps that haven't been reviewed yet.
Ban an app
On the Manage OAuth apps page, locate the app you want to ban, and choose the Mark app as banned icon.
In the notification message box, keep the existing text as it is, or customize the text. Choose whether to let users know that their app has been banned.
Choose Ban app.
Report an OAuth app to Microsoft
If you want to submit an OAuth app to Microsoft for analysis, you can report that app.
On the Manage OAuth apps page, locate the app you want to submit for analysis.
Choose the vertical ellipsis, and then choose Report app....
In the Report this app dialog box, use the drop-down list to indicate your concern. By default, This app is malicious is selected. However, you can choose one of the other available options.
(Recommended) Keep the option to contact you selected, and confirm (or edit) the email address listed.
Create an app query
We recommend using the Advanced view.
1. In the app query bar, if you see Advanced, you're using the Basic view. Click (or tap) Advanced to go to the Advanced view.
2. In the query bar, use the Select a filter list to choose an option.
   - App: Apps with certain names
   - App state: Apps based on their state (Approved, Banned, or Undetermined)
   - Community use: Apps based on community use levels (Rare, Uncommon, or Common)
   - Permission level: Apps based on certain permission levels
   - Permissions: Apps that require certain permissions
   - Publisher: Apps from certain publishers
   - User: Apps that a certain user authorized
3. Select equals or does not equal, and then specify a value for your filter.
4. To add more filters, select the plus sign, and then repeat steps 2 and 3.
5. To remove a filter, select the x next to a filter name.
The filters are applied automatically, and the apps list is updated accordingly.
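The same filter model (a filter name, equals or does not equal, and a value) can be applied offline to the CSV file produced by the Export icon, for example to build a review queue of high-permission apps that nobody has approved or banned yet. The following is an added example, not Microsoft's code: the column headers and sample rows are constructed for illustration, and it assumes that an app must match every filter in the query.

```python
import csv
import io

# Constructed sample standing in for the exported CSV. The column headers are
# assumptions for this example; rename them to match your real export.
SAMPLE_EXPORT = """\
App,Publisher,Users,Permission level,App state,Community use
Contoso Mail Sync,Contoso,42,High,Approved,Common
QuickNotes Helper,Unknown Dev,3,High,Undetermined,Rare
Calendar Buddy,Fabrikam,17,Medium,Undetermined,Uncommon
PDF Export Tool,Unknown Dev,1,Low,Banned,Rare
Team Polls,Fabrikam,120,Low,Undetermined,Common
"""

def load_apps(text):
    """Parse the export into a list of dicts, trimming stray whitespace."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]

def matches(app, filters):
    """filters is a list of (column, operator, value) triples, where operator
    is 'equals' or 'does not equal'. Assumption: all filters must match."""
    for column, operator, value in filters:
        if column not in app:
            raise KeyError(f"column {column!r} is not in the export")
        same = app[column].casefold() == value.casefold()
        if operator == "equals":
            if not same:
                return False
        elif operator == "does not equal":
            if same:
                return False
        else:
            raise ValueError(f"unknown operator {operator!r}")
    return True

def query(apps, filters):
    """Return the apps that satisfy every filter, in export order."""
    return [app for app in apps if matches(app, filters)]

# Review queue: broad access to Office 365 data, not yet approved or banned.
REVIEW_FIRST = [("Permission level", "equals", "High"),
                ("App state", "equals", "Undetermined")]

if __name__ == "__main__":
    for app in query(load_apps(SAMPLE_EXPORT), REVIEW_FIRST):
        print(app["App"], app["Publisher"], app["Users"], app["Community use"])
```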