New 365 Application detected

Alert title: “New Application detected”

Description: Alerts if a new 365 application (Tenancy Wide) is detected as being given access.

Options:

  • It is possible to ignore specific Application IDs

The problem: This alert is triggered when an new application is granted to the tenancy. This may be an indicator of malicious activity, or ‘back-door’ access.

Impact: If it was not intentional, then it may indicate a breach.

Suggested steps: Engage a technician to confirm that the alert is accurate. Investigate the source of the new application, confirm it is valid and expected. Also investigate the access permisions granted to ensure they are not too excessive.