Any maker has the ability to use the Office365Groups connector in their applications. If a malicious maker places the script I show in the image, the maker can grant himself permissions to the same groups where the end user is the owner.
I don't see that there is a way to control the use of these connector actions by DLP. Does anyone have any suggestions?
The security department of the company I work for is very concerned because this breaks down any security that Entra ID can provide us.
The script shows how in the OnStart of an application, a maker can silently add members deliberately to the groups where the end user is the owner.
Please click Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it a Like.
Thanks,
ANB