Skip to main content

Notifications

Power Apps - Building Power Apps
Unanswered

Possible vulnerability in granting consent for the Office365Groups connector

(1) ShareShare
ReportReport
Posted on by 21
Any maker has the ability to use the Office365Groups connector in their applications. If a malicious maker places the script I show in the image, the maker can grant himself permissions to the same groups where the end user is the owner.
I don't see that there is a way to control the use of these connector actions by DLP. Does anyone have any suggestions?
The security department of the company I work for is very concerned because this breaks down any security that the entraID can provide us.
The script shows how in the OnStart of an application, a maker can silently add members deliberately to the groups where the end user is the owner.
 
Categories:
  • Hernan Ramirez Profile Picture
    Hernan Ramirez 21 on at
    Possible vulnerability in granting consent for the Office365Groups connector
    Hi @ANB, thank you very much for answering.
     
    These options are not available for this connector:
     
    Regards,
    Hernan
     
  • ANB Profile Picture
    ANB 7,060 on at
    Possible vulnerability in granting consent for the Office365Groups connector
    Hi @Hernan Ramirez, I hope I understood your question correctly:
     
    You can restrict the connectors: Please check:
     
     

    Please click Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it a Like.


    Thanks,
    ANB

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Microsoft Kickstarter Events…

Register for Microsoft Kickstarter Events…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 145,343

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,703

Leaderboard