5.1.5.1 Ensure the Application Usage report is reviewed at least weekly

Information

The Application Usage report includes a usage summary for all Software as a Service (SaaS) applications that are integrated with the organization's directory.

Rationale:

Review the list of app registrations on a regular basis to look for risky apps that users have enabled that could cause data spillage or accidental elevation of privilege. Attackers can often get access to data illicitly through third-party SaaS applications.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To review the Application Usage report:

Navigate to Microsoft Entra admin center https://entra.microsoft.com/.

Click to expand Identity > Applications select Enterprise applications.

Under Activity select Usage & insights.

Review the information.

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: e6e64e5e4f4b1819576d3e84ea0c0db6da67c9abe8bc0aa9c9df71ab91b06ca0