Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

  • Thread starter Thread starter MSRC
  • Start date Start date
M

MSRC

Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.

Continue reading...
 
Back
Top