Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD | allinfosecnews.com

March 29, 2023, 7 a.m. |

Microsoft Security Response Center msrc-blog.microsoft.com

Summary Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.

access address applications authorization azure azure ad external guidance internal microsoft misconfiguration multi-tenant wiz

More from msrc-blog.microsoft.com / Microsoft Security Response Center

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 1 week, 2 days ago | msrc-blog.microsoft.com

check chen customers hard +13

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs 2 weeks, 4 days ago | msrc-blog.microsoft.com

center communities current customers +20

Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team 3 weeks, 3 days ago | msrc-blog.microsoft.com

analysts banking collect curiosity +20

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard 1 month, 2 weeks ago | msrc-blog.microsoft.com

actions actor attack blizzard +24

Faye’s Journey: From Security PM to Diversity Advocate at Microsoft 1 month, 4 weeks ago | msrc-blog.microsoft.com

career deployment desktop desktops +9

Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and … 1 month, 4 weeks ago | msrc-blog.microsoft.com

award awards bounty bug +16

From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin 2 months ago | msrc-blog.microsoft.com

adventures cybersecurity dream found +7

An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career … 2 months ago | msrc-blog.microsoft.com

bruce career college dream +13

New Security Advisory Tab Added to the Microsoft Security Update Guide 2 months, 1 week ago | msrc-blog.microsoft.com

advisory customers feedback guide +16

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Consultant

@ Auckland Council | Central Auckland, NZ, 1010

View on infosec-jobs.com

Security Engineer, Threat Detection

@ Stripe | Remote, US

View on infosec-jobs.com

DevSecOps Engineer (Remote in Europe)

@ CloudTalk | Prague, Prague, Czechia - Remote

View on infosec-jobs.com

Security Architect

@ Valeo Foods | Dublin, Ireland

View on infosec-jobs.com

Security Specialist - IoT & OT

@ Wallbox | Barcelona, Catalonia, Spain

View on infosec-jobs.com