See, we use Azure Sentinel to alert us with risky business. Just yesterday, we had a user who did the same thing: set up iOS native mail for work email.

The alert title is: "Suspicious application consent for offline access."

The description of the alert is: "This will alert when a user consents to provide a previously-unknown Azure application with offline access via OAuth. Offline access will provide the Azure App with access to the listed resources without requiring two-factor authentication. Consent to applications with offline access and read capabilities should be rare, especially as the knownApplications list is expanded. Public contributions to expand this filter are welcome! For further information on AuditLogs please see."

So, it looks like what's happening is you grant permission to iOS native mail to download emails for offline access so MFA is actually bypassed.