Manage OAuth apps using Office 365 Cloud App Security
|Evaluation >||Planning >||Deployment >||Utilization|
||You are here!
People love apps and they download them often, especially apps that people think will save time by making it easier to get at their work or school information. However, some apps could potentially be a security risk to your organization, depending on what information they access and how they handle that information. With Office 365 Cloud App Security, if you are a global or security administrator, you can manage OAuth apps for your organization. You can see the apps people are using with Office 365 data, what permissions those apps have, and more.
This article describes where to go to manage OAuth apps, how to approve or ban an app, and how to create an app query.
How to find the Manage OAuth apps page
OAuth apps are managed in the Office 365 Cloud App Security portal. You must be a global administrator or security administrator to perform the following task. To learn more see Permissions in the Office 365 Security & Compliance Center.
Go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)
Go to Alerts > Manage advanced alerts.
Click (or tap) Go to Office 365 Cloud App Security.
NO****TE: If Office 365 Cloud App Security is not turned on yet, you can do that on this page. See Get ready for Office 365 Cloud App Security.
Choose Investigate > OAuth apps.
What you'll see on the Manage OAuth apps page
The following table describes the controls and options available on the Manage OAuth apps page.
|Basic icon in the app query bar
||Select this to switch to the Advanced view.
(If you see Basic, you are using the Advanced view)
|Advanced icon in the app query bar
||Select this to switch to the Basic view.
(If you see Advanced, you are using the Basic view.)
|Open or close all details icon in the app list
||Select this icon to view more or fewer details about each app.
|Export icon in the app list
||Select this icon to export a CSV file that contains a list of apps, number of users for each app, permissions associated with the app, permissions level, app state, and community use level.
||Use this to see the name of an app. Select the name to view more information, such as its description, publisher, app website and app ID.
||Use this to see how many users have authorized an app to access their Office 365 account. Select the number to view more information, such as a list of user accounts.
||Use this to see how much access an app has to Office 365 data. Permissions levels indicate Low, Medium, or High, where Low might indicate that the app only accesses a user's profile and name. Select the level to view more information, such as permissions granted to the app, community use, and related activity in the Governance log.
|App state ( Banned, Approved, or Undetermined)
||Use this to mark an app as Approved or Banned, or leave it as undetermined.
Mark an app as approved
On the Manage OAuth apps page, locate the app you want to approve, and choose the Mark app as approved icon.
The icon turns green, and the app is approved for all your Office 365 users.
When you mark an app as approved, there is no effect on the end user. Visually marking the apps that are approved helps to separate them from apps that haven't been reviewed yet.
Ban an app
On the Manage OAuth apps page, locate the app you want to ban, and choose the Mark app as banned icon.
Choose whether to let users know that their app has been banned.
(Recommended) To let users know, select Notify users who granted access to this banned app, and add or edit a custom notification message.
To not let users know, clear Notify users who granted access to this banned app.
Choose Ban app.
Create an app query
In the app query bar, if you see Advanced, click (or tap) it to go to the Advanced view. (If you see Basic, you are using the Advanced view; keep your view as it is.)
Use the Select a filter list to choose an option.
- App Apps with certain names
- App state Apps based on their state (Approved, Banned, or Undetermined)
- Community use Apps based on community use levels (Rare, Uncommon, or Common)
- Permission level Apps based on certain permission levels
- Permissions Apps that require certain permissions
|Apps from certain publishers
- User Apps that a certain user authorized
Select equals or does not equal, and then specify a value for your filter.
To add more filters, select the plus sign (), and then repeat steps 2 and 3.
To remove a filter, select the x () next to a filter name.
The filters are applied automatically, and the apps list is updated accordingly.