Azure Service Principal of external application has a custom role

IAM misconfigurations

Azure Service Principal of external application has a custom role

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
Data Security Posture Management (DSPM) Best Practices
essential_8_au
ISO/IEC 27001
Microsoft Cloud Security Benchmark
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

External Application {AzureServicePrincipal} has custom role {AzureServicePrincipal.RoleAssignments.RoleDefinition}. Over-permissive roles might be a risk to the organization and should be reviewed

Recommended Mitigation

It is recommended to examine the application {AzureServicePrincipal}, and the custom role {AzureServicePrincipal.RoleAssignments.RoleDefinition}. Apply permissions by the 'least privileges principle'.

Azure Service Principal of external application has a custom role

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS