Major thanks for all that info. Gonna try the SquareX tool.
Thanks Andy
Great tips, especially the last one, thanks
SquareX sounds great to have. Thx for the info
Amazing information as always
Love this list, some great tools! Thanks…
Awesome 👏
Thanks for sharing. Which app would you recommend for TOTP OTP?
Either the Microsoft or Google authenticator apps
Do I give a 3rd party Supercops access to our corp AD, either cloud or on-prem? Seems a bit of a security risk
You’re not giving them access to anything. OAuth is an authentication protocol that only grants specific and very limited access to certain attributes. Of course, as with any third-party add-on, what the product does will determine access, so for example if you use a third-party backup like Veeam then it will need a large number of permissions. Other than that you don’t need to be paranoid 😊
Do you have any threat detection tools to recommend in the enterprise? Better if free and easy to use. Thanks
Personally, I wouldn’t risk the security of an enterprise by using free tools. You’ll need something more robust.
@AndyMaloneMVP thank you
When it's free, you are the product. What data are these companies mining from your tenant and what else beyond the "Free" reports do they do with that data?
These companies do not actually process your data or store your data. They’re essentially a wrap and you can see what permissions they have via the OAuth token when you approve the connection
@AndyMaloneMVP Can you do a video on this? What is an OAuth token and how do you see it, etc.?
How to use Office 365 password policy on Specops?
I’ll cover this in a future session, but for now I would visit the Specops website and look through their documentation
@AndyMaloneMVP Looks at the documentation... immediately zones out. This is rough to read.