This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
I have been wondering how concerned we need to be about rogue apps in Teams, have you given this any thought? Should we add something to this project to investigate this risk?
Hi, as far as I've seen, unless a existing webhook for teams message in channel is leaked outside of the teams, the attacker has to go through phishing consent for their app Teams Resource Specific Consent
I have been wondering how concerned we need to be about rogue apps in Teams, have you given this any thought? Should we add something to this project to investigate this risk?