Visibility into OAuth Apps

What’s the best way to get visibility into all the OAuth apps connected to M365? We keep finding ones we didn’t approve.

Hi Gavin,

When you refer to OAuth apps, you’re referring to Microsoft 365’s underlying Identity platform, named Microsoft Entra. These apps may surface in your Microsoft 365 apps, like Outlook, and in Microsoft 365 services like SharePoint Online.

In Microsoft Entra, the default setting is to allow user consent to apps. This allows people in the organization to integrate apps into the organization’s Entra tenant. The default setting allows for end-user productivity, but it may also lead to app sprawl.

In the Microsoft Entra admin portal, you can get an overview of all the apps in Microsoft Entra by navigating in the left navigation menu to Applications and then Enterprise applications. By default, this view filters out the Microsoft applications, systems and services that integrate by default with Entra (such as the aforementioned SharePoint Online service).

If you want to clean up the applications that people in your organization have added to Microsoft Entra, you may want to know if the application was added by a user, a guest or an admin. You might also want to know when the app was last used (even if this was over 30 days ago) and you might want to know if the app has lavish permissions to people’s data. ENow’s App Governance Accelerator provides this information in ready-to-use reports, so you don’t have to create and update PowerShell scripts, and especially don’t have to perform eight clicks per app (on average) to get to some of the information you need…
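
A starting point for the PowerShell route the answer mentions, as an added example that is not part of the original reply or of ENow's product: it joins delegated permission grants to their service principals and flags broad scopes. The `Get-DelegatedGrantReport` function, the `$BroadScopes` list and the sample objects are assumptions made for illustration.

```powershell
# Added example. With the Microsoft Graph PowerShell SDK the inputs come from:
#   Connect-MgGraph -Scopes 'Application.Read.All','Directory.Read.All'
#   $sps    = Get-MgServicePrincipal -All
#   $grants = Get-MgOauth2PermissionGrant -All
# The constructed sample objects below mirror those property names (offline use).

# Assumption: scopes this example treats as broad access to people's data.
$BroadScopes = 'Mail.Read','Mail.ReadWrite','Mail.Send','Files.Read.All',
               'Files.ReadWrite.All','Sites.Read.All','Directory.ReadWrite.All'

function Get-DelegatedGrantReport {
    param(
        [Parameter(Mandatory)] [object[]] $ServicePrincipals,
        [Parameter(Mandatory)] [object[]] $Grants
    )
    # Index service principals by object id; each grant points at one via ClientId.
    $byId = @{}
    foreach ($sp in $ServicePrincipals) { $byId[$sp.Id] = $sp }

    foreach ($g in $Grants) {
        $sp     = $byId[$g.ClientId]
        $scopes = @($g.Scope -split '\s+' | Where-Object { $_ })
        [pscustomobject]@{
            App         = if ($sp) { $sp.DisplayName } else { "(unknown) $($g.ClientId)" }
            AppId       = if ($sp) { $sp.AppId } else { $null }
            # 'Principal' = consent for one user; 'AllPrincipals' = tenant-wide consent.
            ConsentType = $g.ConsentType
            UserId      = $g.PrincipalId
            Scopes      = $scopes -join ' '
            BroadScopes = @($scopes | Where-Object { $BroadScopes -contains $_ }) -join ' '
        }
    }
}

# Constructed sample data (not from a real tenant).
$sps = @(
    [pscustomobject]@{ Id = 'sp-1'; AppId = '11111111-1111-1111-1111-111111111111'; DisplayName = 'Contoso Mail Merge' }
    [pscustomobject]@{ Id = 'sp-2'; AppId = '22222222-2222-2222-2222-222222222222'; DisplayName = 'Fabrikam Calendar' }
)
$grants = @(
    [pscustomobject]@{ ClientId = 'sp-1'; ConsentType = 'Principal'; PrincipalId = 'user-42'; Scope = ' openid Mail.ReadWrite Mail.Send offline_access' }
    [pscustomobject]@{ ClientId = 'sp-2'; ConsentType = 'AllPrincipals'; PrincipalId = $null; Scope = 'User.Read Calendars.Read' }
)

Get-DelegatedGrantReport -ServicePrincipals $sps -Grants $grants |
    Sort-Object { $_.BroadScopes.Length } -Descending |
    Format-Table App, ConsentType, UserId, BroadScopes -AutoSize
```

This covers delegated grants only; application permissions are recorded as app role assignments on the service principal and need a separate query.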