
AS-Revoke-Azure-AD-User-Session- Playbooks should use lower privilege #11438

Closed
jkerai1 opened this issue Nov 16, 2024 · 4 comments · Fixed by #11516
Labels
Playbook Playbook specialty review needed

Comments

@jkerai1
Contributor

jkerai1 commented Nov 16, 2024

User.ReadWrite.All was previously required, but we have User.RevokeSessions.All now, which is the least-privilege option.

https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http

@jkerai1
Contributor Author

jkerai1 commented Nov 16, 2024

Same endpoint

@jkerai1
Contributor Author

jkerai1 commented Nov 16, 2024

Affected Playbooks:

AS-Revoke-Azure-AD-User-Session-From-Entity

AS-Revoke-Azure-AD-User-Session-From-Incident

@v-sudkharat v-sudkharat added the Playbook Playbook specialty review needed label Nov 18, 2024
@v-visodadasi
Contributor

Hi @jkerai1, could you please provide more details?

@jkerai1
Contributor Author

jkerai1 commented Dec 2, 2024

@v-visodadasi

The app reg here should be using User.RevokeSessions.All not User.ReadWrite.All

See Least Privilege Table here: https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http#permissions

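As an added example (not code from the issue or from the playbook repository), a small Python audit helper that checks whether an app registration's granted Graph application permissions are the least-privilege ones for the calls a playbook makes. The endpoint-to-permission mapping holds only the revokeSignInSessions entry from the reference linked above; `audit`, `roles_from_token`, `_fake_token` and `PLAYBOOK_CALLS` are names constructed for this demo, and the token it decodes is a constructed, unsigned sample.

```python
import base64
import json

# Least-privilege application permission per Graph call the playbook makes,
# taken from the Microsoft Graph reference linked in the issue.
LEAST_PRIVILEGE = {
    "POST /users/{id}/revokeSignInSessions": "User.RevokeSessions.All",
}

# Broader permissions that also satisfy a call (the issue names User.ReadWrite.All).
BROADER_THAN = {
    "User.RevokeSessions.All": {"User.ReadWrite.All"},
}


def roles_from_token(token: str) -> set[str]:
    """Return the application permissions ('roles' claim) carried by a Graph
    access token. The payload is only decoded, not signature-verified: this is
    an audit of a token the playbook already holds, not token validation."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def audit(granted: set[str], calls: list[str]) -> dict[str, str]:
    """Classify each Graph call as 'least-privilege', 'over-privileged' or
    'missing' based on the app's granted application permissions."""
    result = {}
    for call in calls:
        least = LEAST_PRIVILEGE[call]
        if least in granted:
            result[call] = "least-privilege"
        elif granted & BROADER_THAN.get(least, set()):
            result[call] = "over-privileged"
        else:
            result[call] = "missing"
    return result


def _fake_token(roles: list[str]) -> str:
    """Constructed, unsigned token for the demo; real tokens come from Entra ID."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{seg({'alg': 'none'})}.{seg({'roles': roles})}.sig"


PLAYBOOK_CALLS = ["POST /users/{id}/revokeSignInSessions"]

if __name__ == "__main__":
    before = roles_from_token(_fake_token(["User.ReadWrite.All"]))
    after = roles_from_token(_fake_token(["User.RevokeSessions.All"]))
    print(audit(before, PLAYBOOK_CALLS))  # over-privileged
    print(audit(after, PLAYBOOK_CALLS))   # least-privilege
```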
