What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?
I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes:
AppDisplayName: Office 365 Management
AppId: 00b41c95-dab0-4487-9791-b9d2c32c80f2
AuthenticationRequirement: singleFactorAuthentication
ConditionalAccessStatus: notApplied
ResultType: 0
We have enabled mandatory multi-factor authentication for all our users via a conditional access policy, and I am very concerned that there is apparently a way to bypass this.
What is this application "Office 365 Management"?
Why is my conditional access policy not applied to it?
What could an attacker do with it?
Can she just use it to check whether her stolen credentials are working or can she actually do harm beyond that?
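
A hunting query for the sign-in pattern described in the question, added here as an example and not part of the original post. It lists successful single-factor sign-ins to this AppId where Conditional Access was not applied, keeping only user/IP pairs that never completed an MFA sign-in in the same window. The 30-day lookback and the "no MFA from this IP" heuristic are assumptions to adapt to the incident.

```kusto
// Added example (not from the original post). Runs against the Sentinel SigninLogs table.
let lookback = 30d;   // assumption: set this to cover the incident window
let targetAppId = "00b41c95-dab0-4487-9791-b9d2c32c80f2";   // AppId quoted in the question
// Sign-ins matching the four attributes quoted in the question.
let suspect = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where AppId == targetAppId
    | where tostring(ResultType) == "0"
    | where ConditionalAccessStatus == "notApplied"
    | where AuthenticationRequirement == "singleFactorAuthentication";
// User/IP pairs that completed an MFA-required sign-in to any app in the same window.
let mfaPairs = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where tostring(ResultType) == "0"
    | where AuthenticationRequirement == "multiFactorAuthentication"
    | distinct UserPrincipalName, IPAddress;
// Keep only suspect sign-ins from an IP the user never passed MFA from (heuristic, an assumption).
suspect
| join kind=leftanti mfaPairs on UserPrincipalName, IPAddress
| summarize SignIns    = count(),
            FirstSeen  = min(TimeGenerated),
            LastSeen   = max(TimeGenerated),
            UserAgents = make_set(UserAgent, 10),
            Resources  = make_set(ResourceDisplayName, 10)
    by UserPrincipalName, IPAddress, Location
| order by LastSeen desc
```

Dropping the leftanti join gives the full list of matching sign-ins, which is useful for establishing a baseline before triaging the narrower result.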