Secure your Microsoft 365 environment with Obsidian Security

Get a demoFree Trial

OneDrive permissions let third-party apps access all files

Microsoft OneDrive grants overly broad permissions to third-party apps, which allows them to access all content in a user's account.

Obsidian Security identifies which applications have overly permissive scopes to mitigate risks and manage third-party app permissions.

Scattered Microsoft 365 security controls leave privilege risk unchecked

Although Microsoft 365 apps share a common login, differences in application usage, access, and settings complicate their security.

  • Controls are scattered across different consoles, requiring significant time and experience to manage effectively 
  • Temporary admin access (e.g. Intune, Sharepoint) often turns permanent without review or enforcement of Privileged Identity Management, hiding privilege risk 
  • No centralized control or oversight stopping users from authorizing third-party app integrations with Microsoft to act on their behalf (e.g. Amazon Alexa that can send mail)

Automate Microsoft 365 app audits, access reviews, and policy enforcement with Obsidian

  • Connect all Microsoft tenants to unify account visibility and authentication policy management
  • Uncover risky third-party app access to create and enforce policy-based controls
  • Automate workflows to detect posture drift for excessive app permissions and/or auto-revoke banned applications
  • Monitor for newly created, suspicious inbox rules to stop data exfiltration and persistent access

Mitigating Modern SaaS Threats in Microsoft 365 with Obsidian

Microsoft 365 empowers data innovation, but also introduces risks from excessive access and third-party code. Obsidian’s SaaS-native security stack continuously monitors token usage, enforces secure configurations, and delivers identity-aware detection to help organizations mitigate modern SaaS threats.

Related Resources

Incident Watch Cover

Brief

OneDrive Security Risks: Microsoft Grants Full Access to Third-Party Apps

Incident Watch Cover

Blog

How to Secure Microsoft 365 for CISA: SCuBA Made Simple

Free Offer

Free Risk Assessment for Microsoft 365