How to mitigate the following risk noted in the MCAM Risk Report and Management Plan.
Customers will sometimes ask how to configure O365 to prevent being flagged for the following issue (see below) in the Microsoft Cloud Assessment Module.
Unimplemented Microsoft Control: Integrated Apps.
Tighten the security of your services by regulating the access of third-party integrated apps. Only allow access to necessary apps that support robust security controls. Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating data from your tenancy. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts. Policy in place: false.
To address this issue, the customer must configure a conditional access policy for integrated apps. Please see the Microsoft article below.
The results of this call are updated 'offline' by Microsoft at intervals of about 24 hours, so changing a setting does not have an immediate effect on this data. After any change, the customer should wait until Microsoft updates the secure scores.
Secure scores can be checked in Azure AD at https://security.microsoft.com/securescore?viewid=overview. The setting affecting this particular issue is described in the article below:
Changing this setting in O365 should be reflected in the reports after 24-48 hours. I verified this by scanning our O365 test environment and performing my scans/reports afterwards.