Risk Assessment Policies for MSO365

Learn how to detect apps, evaluate their risks, revoke their access to your Microsoft Office 365, and allow/blocklist with SpinOne App Risk Assessment Policies.

Written By Davit Asatryan (Administrator)

Updated at November 21st, 2022

Blocklist and Allowlist Policy  

The following policy allows administrators to take action against applications that meet the set conditions.

Conditions can be created by:

  • Application name - The full name or part of the name of an application. Multiple application names can be entered simultaneously.
  • Application category - Category to which the application belongs to. Multiple categories can be selected.
  • Application ID - A part of the application ID (for example the project ID), or the ID as a whole. This is intended to block/allow in-house developed applications. Multiple application IDs can be entered.
  • Developer - A company domain, or a developer's email. Multiple developers can be entered.
  • Scope of Permissions - Block or allow OAuth apps based on their requested scopes of permissions. Choose one or multiple of the available scopes.
  • Application Risk Score - The assessment score provided by SpinOne. If you choose to block applications in the actions area, the policy will look for all applications with the score you have entered and lower. If you choose to allow applications, the policy will look for all applications with the score you have entered and higher.

Actions can be created by:

  • Apps Audit lists - The choices Allowlist and Blocklist will be provided. Administrators can choose to allow or block applications based on the conditions they have set.
  • Monitoring Only Mode - The following action will only notify the administrator when OAuth Apps matching the conditions have been detected. When Monitoring Only Mode is selected, all other actions are disabled.
  • Send Notification - This action can only be paired with Apps Audit lists. Once an app or extension has been blocked or allowed, the administrator can choose to receive notifications about these events.

Was this article helpful?