monkey365 icon indicating copy to clipboard operation
monkey365 copied to clipboard

Published 20 hours ago verified publisher icon silverhack

[Bug]: Admin Consent to Enterprise Applications - azure-activedirectory-users-can-consent-apps-data-access.json

Open cmking94 opened this issue 1 year ago • 3 comments

What happened?
The current finding for Admin Consent to Enterprise Applications in the finding "azure-activedirectory-users-can-consent-apps-data-access.json" is no longer applicable. The finding is now under Entra ID > Applications > Enterprise Applications > Consent and permissions. Also, the finding can be located with "Get-MsolCompanyInformation | Select-Object UsersPermissionToUserConsentToAppEnabled".

Expected behavior
The resource in the HTML report for the "Ensure That 'Users Can Consent To Apps Accessing Company Data On Their Behalf' Is Set To 'No'" configuration shows passed, but my O365 tenant has "Allow user consent for apps" selected. The JSON file "aad_managed_app_user_settings" shows 'null' for the "usersCanAllowAppsToAccessData" finding.

Screenshots or Logs
image

From where are you running Monkey365?

  • Resource: Workstation
  • OS: Windows
  • PowerShell Version [$PsVersionTable]: 5.1.20348.2110
  • Monkey365 Version: v0.91.2-beta

cmking94 avatar Jan 09 '24 18:01 cmking94

Hi @cmking94 thanks for catching this! it's really appreciated.

Just to mention that this rule is for CIS 1.4 and is that rule was superseded by a more specific one that is checking for trusted publisher apps.

I'll update the rule as soon as I can.

Thanks!

silverhack avatar Jan 09 '24 20:01 silverhack

This was the field I was looking for and I understand the finding results, thanks for the quick response!

cmking94 avatar Jan 09 '24 21:01 cmking94

Hi @cmking94,

This is now fixed on dev branch.

Cheers,

silverhack avatar Jan 11 '24 17:01 silverhack

This issue has been automatically marked as stale because it has not had recent activity. We kindly ask you to check again if the issue you reported is still relevant in the current version of Monkey 365. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar May 11 '24 02:05 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale. If the issue is still relevant, feel free to re-open it or open a new one.

github-actions[bot] avatar May 25 '24 02:05 github-actions[bot]