Secure your Microsoft 365 environment with Obsidian Security

Get a DemoFree Trial

OneDrive permissions let third-party apps access all files

Microsoft OneDrive grants overly broad permissions to third-party apps, which allows them to access all content in a user's account. 

Obsidian Security identifies which applications have overly permissive scopes to mitigate risks and manage third-party app permissions.

100%

of OneDrive files exposed to third-party apps after only one file shared

Obsidian Research

55%

shadow SaaS integrate with core apps like Microsoft 365

Obsidian Network Data

1,065

average number of third-party OAuth connections with Microsoft 365

Obsidian Network Data

Scattered Microsoft 365 security controls leave privilege risk unchecked

Although Microsoft 365 apps share a common login, differences in application usage, access, and settings complicate their security.

  • Controls are scattered across different consoles, requiring significant time and experience to manage effectively 
  • Temporary admin access (e.g. Intune, Sharepoint) often turns permanent without review or enforcement of Privileged Identity Management, hiding privilege risk 
  • No centralized control or oversight stopping users from authorizing third-party app integrations with Microsoft to act on their behalf (e.g. Amazon Alexa that can send mail)
View of Obsidian dashboard showing Microsoft 365 app details for Amazon Alexa Connect and critical security rules including MFA and legacy auth risks
Obsidian UI automating actions for risky Microsoft 365 integrations based on new risk signals or security review transitions

Automate Microsoft 365 app audits, access reviews, and policy enforcement with Obsidian

  • Connect all Microsoft tenants to unify account visibility and authentication policy management
  • Uncover risky third-party app access to create and enforce policy-based controls
  • Automate workflows to detect posture drift for excessive app permissions and/or auto-revoke banned applications
  • Monitor for newly created, suspicious inbox rules to stop data exfiltration and persistent access

Obsidian simplifies identity threat across Microsoft 365

  • Stop account takeovers from advanced credential compromise attacks*
  • Warn or block users from entering credentials to malicious phishing sites* 
  • Automate workflows with ITSM or SOAR to alert on suspicious inbox rule creation, token reuse, and Tor logins
  • Monitor user activity for remote access use, suspicious logins, or MFA additions from suspicious locations

*requires deployment of Obsidian Browser Extension

Obsidian platform highlighting risky Microsoft 365 rules and phishing detections including weak password policies and Okta phishing attempts

Related Resources

Incident Watch Cover

Brief

OneDrive Security Risks: Microsoft Grants Full Access to Third-Party Apps

Incident Watch Cover

Blog

How to Secure Microsoft 365 for CISA: SCuBA Made Simple

Free Offer

Free Risk Assessment for Microsoft 365