Lessons from Microsoft’s Azure App Misconfiguration


Recently, Wiz Research made a startling discovery while analyzing an Azure App Registration in Microsoft's own tenant. They found that a misconfiguration in the setup of the App Registration could lead to Bing search results being manipulated and a partial takeover of O365 functionalities for millions of users. Microsoft has addressed this issue, and you can read their statement here.

It only takes one click to misconfigure this resource during setup. When creating an Azure App Registration, one of the options is whether the app will be accessible only within your own tenant (single tenant) or across multiple tenants (multi-tenant). Single-tenant apps are restricted to users from your own tenant, while multi-tenant apps can be used by anyone with an Azure tenant (or potentially also by personal Microsoft accounts).

Unfortunately, misconfigurations are common in cloud infrastructure, and they are often not fixed due to a lack of awareness. Engineers can’t possibly know everything, and it is easy for a simple misconfiguration to have a massive impact on your operations and business. This is why it is essential to have continuous monitoring of your cloud configurations.

The importance of monitoring cloud configurations cannot be overstated. Even large companies like Microsoft can fall victim to misconfigurations, and the consequences can be severe. The Toreon Security Office Portal is an excellent solution for every organization wanting to ensure their Microsoft cloud configurations remain secure. It continuously monitors your M365, O365, and Azure environment with over 400 intelligent, scripted rules and alerts you for important changes in security configurations and security compliance.

The rule found in the screenshot below checks for this specific configuration in your tenant and allows you to set an acceptance threshold.
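The single-tenant versus multi-tenant choice described above is stored on each app registration as the `signInAudience` property in Microsoft Graph. The following is an added example, not the Toreon rule or any code from the original page: it audits a constructed `/applications` response and applies an acceptance threshold. The `approved_app_ids` allowlist, the meaning given to `threshold`, and all app names and ids are assumptions of this example.

```python
import json

# Constructed sample shaped like a Microsoft Graph "GET /applications" response,
# trimmed to the fields used here. App ids and names are made up.
SAMPLE = json.loads("""{"value": [
 {"appId": "11111111-0000-0000-0000-000000000001", "displayName": "hr-portal",
  "signInAudience": "AzureADMyOrg"},
 {"appId": "11111111-0000-0000-0000-000000000002", "displayName": "partner-api",
  "signInAudience": "AzureADMultipleOrgs"},
 {"appId": "11111111-0000-0000-0000-000000000003", "displayName": "marketing-cms",
  "signInAudience": "AzureADandPersonalMicrosoftAccount"},
 {"appId": "11111111-0000-0000-0000-000000000004", "displayName": "legacy-tool"}
]}""")

# signInAudience values defined by Microsoft Graph and who each one admits.
AUDIENCES = {
    "AzureADMyOrg": "own tenant only (single tenant)",
    "AzureADMultipleOrgs": "any Azure AD tenant (multi-tenant)",
    "AzureADandPersonalMicrosoftAccount": "any tenant and personal accounts",
    "PersonalMicrosoftAccount": "personal Microsoft accounts only",
}


def audit_app_registrations(apps, approved_app_ids=frozenset(), threshold=0):
    """Return (findings, passed).

    A finding is an app that is not single-tenant and not explicitly approved.
    A missing or unrecognised audience is reported, not assumed safe.
    `approved_app_ids` and `threshold` are assumptions of this example.
    """
    findings = []
    for app in apps:
        audience = app.get("signInAudience")
        if audience == "AzureADMyOrg" or app.get("appId") in approved_app_ids:
            continue
        findings.append({
            "appId": app.get("appId"),
            "displayName": app.get("displayName"),
            "exposure": AUDIENCES.get(audience, f"unknown ({audience!r})"),
        })
    return findings, len(findings) <= threshold


if __name__ == "__main__":
    findings, passed = audit_app_registrations(SAMPLE["value"])
    for f in findings:
        print(f"{f['displayName']:<14} {f['appId']}  {f['exposure']}")
    print("PASS" if passed else f"FAIL: {len(findings)} app(s) open beyond the tenant")
```

Against a live tenant, the same `signInAudience` field is returned by the Graph `/applications` endpoint and by `az ad app list`, so the function can be fed that output unchanged.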
