Microsoft Releases New Azure AD Property Lock Feature to Prevent Changes to App Credentials
Last Update: Mar 07, 2023 | Published: Mar 06, 2023
Microsoft has introduced a new feature that allows customers to configure an app instance property lock for Azure AD enterprise applications. The new capability helps organizations prevent attackers from making any changes to sensitive properties of multi-tenant application objects.
OAuth is a security protocol that enables users to share information about their accounts with third-party websites. It uses a token-based authentication process to provide access to resources and data, without requiring users to share their usernames and passwords. OAuth is widely used by all major tech companies such as Microsoft, Facebook, and Google.
Previously, threat attackers have exploited credentials such as X.509 certificates to take control of enterprise applications. The technique allows hackers to gain access to organizations’ cloud environments and steal sensitive information.
With property lock, IT admins can block any modifications to select or all sensitive properties of an app after it has been provisioned in a new tenant. “This feature provides application developers with the ability to lock certain properties if the application doesn’t support scenarios that require configuring those properties,” Microsoft explained.
How to configure app instance property lock for Azure AD apps
Microsoft detailed a couple of steps that can be used to configure an app instance lock with the Azure portal.
- Sign in to the Azure portal.
- Navigate to the top menu and click the Directories + subscriptions filter to switch to the specific tenant.
- Select Azure Active Directory >> App registrations and then click the Azure AD application.
- Select Authentication, navigate to the App instance property lock section, and select Configure.
- Finally, select the lock settings in the App instance property lock pane and save the changes.
It is important to note that the Azure AD property lock feature is available in preview for all Azure AD customers. Microsoft encourages IT admins to configure it before their apps are used in other tenants.
Overall, the new property lock feature is a welcome addition that should help to strengthen data protection measures and prevent breaches in enterprise environments. However, Microsoft recommends that administrators remain vigilant and monitor their apps for any suspicious activities.