Triggers
- A third-party cloud application has requested excessive or risky access, which may allow malicious activities to be performed on behalf of the granter of the permission.
Possible Root Causes
- An attacker is trying to trick the user into delegating permissions to them, which will enable further malicious activities.
- A new, legitimate third-party application that requires elevated permissions from users has been installed in the organization.
Business Impact
- Malicious applications are able to perform actions with delegated permissions without a user’s knowledge and may be difficult to detect.
- Depending on the delegated privileges involved, the impact may range from single account takeover to full subscription compromise.
Steps to Verify
- Validate that this is an authorized application that has been vetted for risk by the security team.
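
One way to run this verification across many consent grants at once, as an added example that is not part of the original page or of any vendor tooling: it checks each grant against a register of vetted applications and their approved scopes, and gives a coarse impact estimate. The record fields, app IDs, vetting register, risk ranking and impact labels are constructed assumptions; the scope names follow Microsoft Graph naming and should be swapped for those of your identity provider.

```python
# Added example; every record, ID and risk ranking below is constructed or assumed.
RISKY_SCOPES = {"Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
                "Directory.ReadWrite.All", "offline_access"}
ORG_WIDE_SCOPES = {"Directory.ReadWrite.All"}  # assumed to reach past one user

# Hypothetical vetting register: app ID -> scopes the security team approved.
VETTED_APPS = {"app-1001": {"User.Read", "Calendars.Read"}}

# Constructed consent-grant records (field names are hypothetical).
SAMPLE_GRANTS = [
    {"app_id": "app-1001", "user": "alice", "consent": "user",
     "scopes": "User.Read Calendars.Read"},
    {"app_id": "app-1001", "user": "bob", "consent": "user",
     "scopes": "User.Read Mail.ReadWrite offline_access"},
    {"app_id": "app-2002", "user": "carol", "consent": "user",
     "scopes": "Mail.ReadWrite Mail.Send offline_access"},
    {"app_id": "app-3003", "user": "dave", "consent": "admin",
     "scopes": "User.Read Directory.ReadWrite.All"},
    {"app_id": "app-4004", "user": "erin", "consent": "user",
     "scopes": "User.Read"},
]

def triage(grant, vetted=VETTED_APPS):
    """Classify one grant: is the app vetted, and do its scopes match the vetting?"""
    scopes = set(grant["scopes"].split())
    risky = sorted(scopes & RISKY_SCOPES)
    approved = vetted.get(grant["app_id"])
    if approved is not None:
        # A vetted app asking for more than was approved needs a fresh review.
        unapproved = sorted(scopes - approved)
        verdict = "exceeds-vetting" if unapproved else "vetted"
    else:
        unapproved = sorted(scopes)
        verdict = "investigate" if risky else "review"
    org_wide = grant["consent"] == "admin" or bool(scopes & ORG_WIDE_SCOPES)
    return {"app_id": grant["app_id"], "user": grant["user"],
            "verdict": verdict, "risky": risky, "unapproved": unapproved,
            "impact": "organization-wide" if org_wide else "single-account"}

def triage_all(grants, vetted=VETTED_APPS):
    """Return triage results with the most urgent verdicts first."""
    order = {"investigate": 0, "exceeds-vetting": 1, "review": 2, "vetted": 3}
    return sorted((triage(g, vetted) for g in grants),
                  key=lambda r: order[r["verdict"]])

if __name__ == "__main__":
    for row in triage_all(SAMPLE_GRANTS):
        print(row)
```

The "exceeds-vetting" verdict covers the case where an application on the approved list later asks for scopes outside what was originally reviewed.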