What is the application "Office 365 Management" (AppId 00b41c95-dab0-4487-9791-b9d2c32c80f2) and why is Conditional Access not applied to it?

Tilman Schmidt 0 Reputation points
2024-11-07T16:22:56.1666667+00:00

I am investigating a security incident and I have identified entries in the MS Sentinel SigninLogs table that might be related to the breach with the attributes:

AppDisplayName: Office 365 Management

AppId: 00b41c95-dab0-4487-9791-b9d2c32c80f2

AuthenticationRequirement: singleFactorAuthentication

ConditionalAccessStatus: notApplied

ResultType: 0

We have enabled mandatory multi-factor authentication for all our users via a conditional access policy, and I am very much concerned that there is apparently a way to bypass this.

What is this application "Office 365 Management"?

Why is my conditional access policy not applied to it?

What could an attacker do with it?

Can she just use it to check whether her stolen credentials are working or can she actually do harm beyond that?
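
A triage query for the sign-ins described in the question, as an added example that is not part of the original post. It groups the matching `SigninLogs` rows by user and source IP, then flags IPs from which the same user has never completed an MFA sign-in. The 30-day lookback and the "IP previously seen with MFA" heuristic are assumptions to adjust to the incident.

```kusto
// Added example: scope the single-factor, CA-notApplied sign-ins to this AppId.
// Assumption: 30-day lookback; set it to cover the incident timeframe.
let lookback = 30d;
// Sign-ins matching the attributes quoted in the question.
let suspect =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where AppId == "00b41c95-dab0-4487-9791-b9d2c32c80f2"
    | where ResultType == "0"                                   // success
    | where AuthenticationRequirement == "singleFactorAuthentication"
    | where ConditionalAccessStatus == "notApplied";
// Baseline: user/IP pairs that have completed an MFA sign-in in the same window.
let mfaBaseline =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | where AuthenticationRequirement == "multiFactorAuthentication"
    | summarize MfaSignInsFromIp = count() by UserPrincipalName, IPAddress;
suspect
| summarize
    SignIns    = count(),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated),
    Resources  = make_set(ResourceDisplayName, 20),   // what the token was requested for
    UserAgents = make_set(UserAgent, 20)
  by UserPrincipalName, IPAddress, Location
| join kind=leftouter mfaBaseline on UserPrincipalName, IPAddress
| extend MfaSignInsFromIp = coalesce(MfaSignInsFromIp, 0)
| project UserPrincipalName, IPAddress, Location, SignIns, FirstSeen, LastSeen,
          Resources, UserAgents, MfaSignInsFromIp
// Pairs with no MFA history from that IP sort first for review.
| order by MfaSignInsFromIp asc, LastSeen desc
```

The `ConditionalAccessPolicies` column on the individual rows lists each policy and its evaluation result for that sign-in, which shows whether the MFA policy was evaluated at all.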

Microsoft Sentinel