Security experts at Wiz recently identified numerous misconfigured Azure AD applications behind public-facing corporate websites and some general-purpose applications. It is important to note that this is not a bug within Azure AD, but rather the result of developers, including some at Microsoft, not fully understanding how certain functionality (multi-tenant sign-in) behaves.
For those utilizing Azure AD, the question now is: how does this impact your environment? In short, if you have any Azure AD applications (third-party or your own) configured as multi-tenant, yes, your environment may be vulnerable. Begin by examining your Azure AD for potentially vulnerable applications using the following Azure CLI command:
az ad app list --filter "(signInAudience eq 'AzureADMultipleOrgs' or signInAudience eq 'AzureADandPersonalMicrosoftAccount')" --query "[?web && web.homePageUrl].{AppName:displayName, AppID:appId, AppURL:web.homePageUrl}"
If this query returns any results, assess each application individually. The most straightforward solution is to switch them to single-tenant authentication, which blocks sign-ins from users outside your own tenant. If specific external users or tenants genuinely need access, carefully review and configure the appropriate access levels rather than leaving the application open to every Azure AD tenant.
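The triage above can also be done offline against an exported inventory, and the "specific external users need access" case needs an explicit check in the application itself. The following is an added example (not code from the original post, Action1 or Wiz): it applies the same selection as the az CLI query (multi-tenant audience plus a web home page URL) to a constructed JSON inventory shaped like `az ad app list -o json` output, and shows a tenant allowlist check on the `tid` claim for an application that must remain multi-tenant. All app IDs, URLs and tenant IDs are placeholders.

```python
"""Triage Azure AD app registrations for multi-tenant exposure, and gate a
multi-tenant app on an explicit tenant allowlist.

Added example, not code from the original post or from Action1/Wiz.
SAMPLE_INVENTORY is constructed to mimic the fields used by the az CLI query
(displayName, appId, signInAudience, web.homePageUrl); every ID and URL below
is a placeholder."""

import json

# signInAudience values that accept sign-ins from outside the home tenant.
MULTI_TENANT_AUDIENCES = {
    "AzureADMultipleOrgs",
    "AzureADandPersonalMicrosoftAccount",
}

# Constructed sample shaped like `az ad app list -o json` output.
SAMPLE_INVENTORY = json.loads("""
[
  {"displayName": "Intranet Portal", "appId": "00000000-0000-0000-0000-000000000001",
   "signInAudience": "AzureADMyOrg",
   "web": {"homePageUrl": "https://intranet.example.test"}},
  {"displayName": "Partner Upload", "appId": "00000000-0000-0000-0000-000000000002",
   "signInAudience": "AzureADMultipleOrgs",
   "web": {"homePageUrl": "https://upload.example.test"}},
  {"displayName": "Daemon Job", "appId": "00000000-0000-0000-0000-000000000003",
   "signInAudience": "AzureADMultipleOrgs",
   "web": {"homePageUrl": null}},
  {"displayName": "Public Site", "appId": "00000000-0000-0000-0000-000000000004",
   "signInAudience": "AzureADandPersonalMicrosoftAccount",
   "web": {"homePageUrl": "https://www.example.test"}}
]
""")


def find_exposed_apps(inventory):
    """Same selection as the az CLI query: multi-tenant audience AND a web
    home page URL. Returns review records in the query's output shape."""
    exposed = []
    for app in inventory:
        web = app.get("web") or {}
        if app.get("signInAudience") in MULTI_TENANT_AUDIENCES and web.get("homePageUrl"):
            exposed.append({
                "AppName": app.get("displayName"),
                "AppID": app.get("appId"),
                "AppURL": web["homePageUrl"],
            })
    return exposed


def tenant_allowed(claims, allowed_tenant_ids):
    """For an app that must stay multi-tenant: accept a token only if its
    `tid` (tenant ID) claim is on an explicit allowlist. `claims` is the
    payload your auth library hands back after signature, audience and
    expiry validation; a missing or unknown tid is denied."""
    tid = claims.get("tid")
    return tid is not None and tid in allowed_tenant_ids


if __name__ == "__main__":
    for hit in find_exposed_apps(SAMPLE_INVENTORY):
        print(f"REVIEW: {hit['AppName']} ({hit['AppID']}) at {hit['AppURL']}")

    # Placeholder tenant IDs for the allowlist demonstration.
    home = "11111111-1111-1111-1111-111111111111"
    partner = "22222222-2222-2222-2222-222222222222"
    stranger = "33333333-3333-3333-3333-333333333333"
    allowlist = {home, partner}
    for label, tid in (("home", home), ("partner", partner), ("stranger", stranger)):
        verdict = "allow" if tenant_allowed({"tid": tid, "sub": "user"}, allowlist) else "deny"
        print(f"{label} tenant: {verdict}")
```

The first function reproduces the CLI filter so the same triage can run against an archived export; the second is the check a multi-tenant application should perform after standard token validation, since accepting any issuer is exactly the misconfiguration described above.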
About Action1
Action1 provides a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, patching of operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.