Connected Apps allows Skyhigh CASB Incident Managers to discover third-party applications associated with Microsoft 365 and connected to your corporate environment via OAuth. Then it provides a workflow for you to manually remediate, audit, allow, or block Connected Apps access to user's data, to notify users via email of an app's status, and revoke access as needed.
For more general information on Connected Apps, see About Connected Apps. For information on creating and managing policies, see Connected Apps Policies.
Skyhigh CASB uses Microsoft Graph API to access Connected Apps and user information. For details, see Overview of Microsoft Graph.
Microsoft Graph API supports the following Microsoft applications:
- Microsoft Office
And all the add-ins that are available at Microsoft.com.
Enabled by Default
Connected Apps for Microsoft 365 is enabled by default when you integrate Microsoft 365 with Skyhigh CASB. For details, see Skyhigh CASB for Microsoft 365 Integration Workflow.
Disable Connected Apps
You can disable Connected Apps if you do not want to use the feature.
- Go to Settings > Service Management.
- Select your Microsoft 365 instance.
- On the Setup tab, and for API, click Edit.
- Toggle Connected Apps to Disabled.
- In the Disabling a Feature confirmation dialog, click Disable.
Visibility of Office 365 Connected Apps
Connected Apps allows Skyhigh CASB Incident Managers to discover third-party applications associated with Microsoft 365 and connected to your corporate environment via OAuth. For a Connected App to display in Skyhigh CASB, an app must be granted access to the Office 365 corporate assets. This triggers an API event that Skyhigh CASB uses to display the app.
For some Office 365 apps, the integration method is different where no consent is granted from the user and no scopes are granted to the app. This means that the app does not have any access to the Office 365 assets and no data can be exfiltrated from Office 365 to the third-party app. These apps are not displayed in Skyhigh CASB.