OAuth app policies

Applies to: Microsoft Cloud App Security

Important

Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

In addition to the existing investigation of OAuth apps connected to your environment, you can set permission policies so that you get automated notifications when an OAuth app meets certain criteria. For example, you can automatically be alerted when there are apps that require a high permission level and were authorized by more than 50 users.

OAuth app policies enable you to investigate which permissions each app requested and which users authorized them for Office 365, G Suite, and Salesforce. You're also able to mark these permissions as approved or banned. Marking them as banned revokes the permissions of each app for every user who authorized it.

Create a new OAuth app policy

There are two ways to create a new OAuth app policy. The first way is under **Investigate** and the second is under **Control**.

To create a new OAuth app policy:

  1. Under **Investigate**, select **OAuth apps**.

  2. Filter the apps according to your needs. For example, you can view all apps that request the permission **Modify calendars in your mailbox**.

  3. Click the **New policy from search** button. (Screenshot: New policy from search)

  4. You can use the **Community use** filter to get information on whether allowing permission to this app is common, uncommon, or rare. This filter can be helpful if you have an app that's rare and requests a permission that has a high severity level, or requests permission from many users.

  5. You can set the policy based on the group memberships of the users who authorized the apps. For example, an admin can decide to set a policy that revokes uncommon apps if they ask for high permissions, but only if the user who authorized the permissions is a member of the administrators group.

Alternatively, you can also create the policy by clicking **Control** followed by **Policies**. Then click **Create policy** followed by **OAuth app policy**.

(Screenshot: New OAuth app policy)
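The policy described above combines a permission severity threshold, a minimum number of authorizing users, the community-use rating, and the authorizer's group membership. The following added example (not Cloud App Security code) evaluates a constructed inventory of OAuth app records against two policies shaped like the page's own examples: alert on high-permission apps authorized by more than 50 users, and revoke uncommon or rare high-permission apps when an administrator authorized them. The permission severity table, app names, users, and groups are all constructed assumptions.

```python
"""Added example (not Cloud App Security code): evaluate constructed OAuth app
records against policies shaped like the ones the page describes."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Severity assigned to each requested permission. Constructed for this example;
# the product assigns its own severity levels to permissions.
PERMISSION_SEVERITY = {
    "Read user profile": "low",
    "Read calendars in your mailbox": "medium",
    "Modify calendars in your mailbox": "high",
    "Read and write all mail": "high",
    "Send mail as any user": "high",
}
LEVEL_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class OAuthApp:
    name: str
    permissions: Set[str]
    authorized_by: Dict[str, Set[str]]  # user -> groups the user belongs to
    community_use: str                   # "common", "uncommon" or "rare"


@dataclass
class OAuthAppPolicy:
    name: str
    min_permission_level: str = "low"         # match at this severity or higher
    min_users: int = 1                        # at least this many matching authorizers
    community_use: Optional[Set[str]] = None  # None = any community-use value
    required_group: Optional[str] = None      # only count authorizers in this group
    action: str = "alert"                     # "alert" or "revoke"


def permission_level(app: OAuthApp) -> str:
    """Highest severity among the permissions the app requests."""
    ranks = [LEVEL_RANK[PERMISSION_SEVERITY.get(p, "low")] for p in app.permissions]
    top = max(ranks, default=0)
    return next(level for level, rank in LEVEL_RANK.items() if rank == top)


def matching_users(app: OAuthApp, policy: OAuthAppPolicy) -> List[str]:
    """Users whose authorization counts toward the policy's user threshold."""
    if policy.required_group is None:
        return sorted(app.authorized_by)
    return sorted(u for u, groups in app.authorized_by.items()
                  if policy.required_group in groups)


def matches(app: OAuthApp, policy: OAuthAppPolicy) -> bool:
    """True when the app meets every criterion of the policy."""
    if LEVEL_RANK[permission_level(app)] < LEVEL_RANK[policy.min_permission_level]:
        return False
    if policy.community_use is not None and app.community_use not in policy.community_use:
        return False
    return len(matching_users(app, policy)) >= policy.min_users


def evaluate(apps: List[OAuthApp], policies: List[OAuthAppPolicy]) -> List[dict]:
    """Return one finding per (policy, app) pair that matches."""
    return [
        {"policy": p.name, "app": a.name, "action": p.action,
         "users": matching_users(a, p)}
        for p in policies for a in apps if matches(a, p)
    ]


# Constructed sample inventory: app names, users and groups are fictitious.
SAMPLE_APPS = [
    OAuthApp("Contoso Calendar Sync", {"Modify calendars in your mailbox"},
             {f"user{i}@contoso.example": {"Employees"} for i in range(60)}, "common"),
    OAuthApp("Mail Helper", {"Read and write all mail", "Send mail as any user"},
             {"admin1@contoso.example": {"Administrators", "Employees"},
              "bob@contoso.example": {"Employees"}}, "rare"),
    OAuthApp("Profile Viewer", {"Read user profile"},
             {"carol@contoso.example": {"Employees"}}, "common"),
]

SAMPLE_POLICIES = [
    # The page's first example: high permission level, authorized by more than 50 users.
    OAuthAppPolicy("High permission, 50+ users", min_permission_level="high", min_users=51),
    # The page's step 5 example: revoke uncommon/rare high-permission apps, but only
    # when an authorizing user belongs to the administrators group.
    OAuthAppPolicy("Revoke rare high-permission apps authorized by admins",
                   min_permission_level="high", community_use={"uncommon", "rare"},
                   required_group="Administrators", action="revoke"),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_APPS, SAMPLE_POLICIES):
        print(finding["action"], finding["app"], "via", finding["policy"],
              "-", len(finding["users"]), "user(s)")
```

Running the block lists one alert for the calendar app (high permission, 60 authorizers) and one revoke finding for the rare mail app, because an administrator is among its authorizers; the "Mail Helper" app does not trigger the first policy because only two users authorized it.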

OAuth app anomaly detection policies

In addition to the OAuth app policies you can create, the following out-of-the-box anomaly detection policies profile the metadata of OAuth apps to identify ones that are potentially malicious:

| Policy name | Policy description |
|---|---|
| Misleading OAuth app name | Scans OAuth apps connected to your environment and triggers an alert when an app with a misleading name is detected. Misleading names, such as foreign letters that resemble Latin letters, could indicate an attempt to disguise a malicious app as a known and trusted app. |
| Misleading publisher name for an OAuth app | Scans OAuth apps connected to your environment and triggers an alert when an app with a misleading publisher name is detected. Misleading publisher names, such as foreign letters that resemble Latin letters, could indicate an attempt to disguise a malicious app as an app coming from a known and trusted publisher. |
| Malicious OAuth app consent | Scans OAuth apps connected to your environment and triggers an alert when a potentially malicious app is authorized. Malicious OAuth apps may be used as part of a phishing campaign in an attempt to compromise users. This detection leverages Microsoft security research and threat intelligence expertise to identify malicious apps. |
| Suspicious OAuth app file download activities | See Anomaly detection policies. |

Note

Anomaly detection policies are only available for OAuth apps that are authorized in your Azure Active Directory.
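The first two detections in the table look for names built from foreign letters that resemble Latin letters. The following added example (not Cloud App Security code, whose detection logic is not published on this page) shows the defender-side check in its simplest form: map a small, constructed subset of Unicode confusables to their Latin lookalikes, compare the resulting "skeleton" of an app or publisher name against a list of trusted names, and also flag names that mix scripts. The trusted-name lists and sample app records are constructed assumptions; the same function serves both the app-name and the publisher-name rows.

```python
"""Added example (not Cloud App Security code): flag OAuth app or publisher
names that visually imitate a trusted name through lookalike letters."""
import unicodedata
from typing import Dict, List

# Small subset of Unicode confusables, constructed for this example: each key is a
# Cyrillic or Greek letter that renders like the Latin letter it maps to.
CONFUSABLES: Dict[str, str] = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",            # Cyrillic
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u03bf": "o", "\u03b1": "a", "\u039f": "O", "\u0391": "A", "\u0392": "B",  # Greek
}


def scripts(text: str) -> set:
    """Set of Unicode name prefixes (LATIN, CYRILLIC, ...) of the letters in text."""
    found = set()
    for ch in text:
        if ch.isalpha():
            try:
                found.add(unicodedata.name(ch).split()[0])
            except ValueError:  # code point without a name
                found.add("UNKNOWN")
    return found


def skeleton(text: str) -> str:
    """Comparison form: compatibility-normalized (folds fullwidth forms),
    confusables mapped to Latin, then case-folded."""
    text = unicodedata.normalize("NFKC", text)
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).casefold()


def check_name(name: str, trusted: List[str]) -> List[str]:
    """Reasons the name looks misleading; an empty list means it looks clean."""
    reasons = []
    found = scripts(name)
    if len(found) > 1:
        reasons.append("mixed scripts: " + ", ".join(sorted(found)))
    for known in trusted:
        # Same skeleton but different characters: a lookalike of a trusted name.
        if skeleton(name) == skeleton(known) and name.casefold() != known.casefold():
            reasons.append(f"resembles trusted name {known!r}")
    return reasons


def scan_apps(apps: List[dict], trusted_apps: List[str],
              trusted_publishers: List[str]) -> List[dict]:
    """Apply the check to both the app name and the publisher name of each record."""
    findings = []
    for app in apps:
        for field, trusted in (("name", trusted_apps), ("publisher", trusted_publishers)):
            reasons = check_name(app[field], trusted)
            if reasons:
                findings.append({"app": app["name"], "field": field, "reasons": reasons})
    return findings


# Constructed allow-lists of names the organization recognizes.
TRUSTED_APPS = ["Microsoft Teams", "Google Drive"]
TRUSTED_PUBLISHERS = ["Microsoft", "Contoso Ltd"]

# Constructed sample records; the lookalikes use Cyrillic "o" (U+043E) for Latin "o".
SAMPLE_APPS = [
    {"name": "Microsoft Teams", "publisher": "Microsoft"},
    {"name": "Micr\u043esoft Teams", "publisher": "Microsoft"},
    {"name": "Expense Tracker", "publisher": "C\u043ent\u043es\u043e Ltd"},
    {"name": "Expense Tracker", "publisher": "Fabrikam"},
]

if __name__ == "__main__":
    for f in scan_apps(SAMPLE_APPS, TRUSTED_APPS, TRUSTED_PUBLISHERS):
        print(f["app"], f["field"], "->", "; ".join(f["reasons"]))
```

The genuine "Microsoft Teams" record passes, the record whose name swaps in a Cyrillic letter is reported both for mixing scripts and for resembling the trusted name, and the third record is reported on its publisher field rather than its name. A production check would use the full Unicode confusables table rather than this constructed subset.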

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.