The Microsoft Security Response Center has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services.
Building on our commitment, we have introduced several key updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.
Based on the recent rise in malicious apps, attacker trends, and customer feedback, we realized the need to provide the option to report malicious OAuth applications.
We are excited to announce a new feature in the MSRC Reporting Portal and the supporting API that allows the reporting of suspicious OAuth applications registered in Entra ID. This enhancement is aimed at streamlining the investigation process and enabling a quicker and more precise response to customer reports, including improving our detections of malicious applications.
The step-by-step guidance for reporting apps is provided later in this blog post.
A common concern from this community has been the inability to report multiple related IPs or URLs in a single abuse report, often resulting in the need to submit multiple reports for the same incident.
We have addressed this issue by updating the Abuse Portal to allow reporting of up to 10 IPs and URLs for the same abuse type in one report.
The API has also been updated to support this feature without any restrictions on the number, which is particularly beneficial in cases like DDoS attacks.
Summary of incident types that can be reported via the Portal and the API. IP Address Threats.
Fraudulent Publisher - an OAuth App's publisher or developer appears to be fraudulent or seems to be impersonating an authentic publisher.
Suspicious App - an OAuth App is misrepresenting its identity for fraudulent purposes, including impersonating a legitimate app to mislead users or being used in another abusive way.
Misuse of Data - a legitimate OAuth App from a legitimate publisher is mishandling or abusing access to data in a way that violates the terms of a service agreement.
Application ID Incident Date Reason for reporting Additional details that can help us understand the issue better.
This option can be leveraged when you would like to report multiple entities associated with the same incident or incident type.
This cannot be used to report multiple incident types in the same report.
Doing so will result in an incorrect report which can be non-actionable.
While the rest of the form remains the same, you will notice the option to add more IPs and URLs to the report depending on the incident type.
You can add up to 10 at a time in a report using the portal.
If you need to report more, please use the API. Report Abuse API Endpoint.
The MSRC engineering team's significant investments in the Abuse Report Portal and API reflect our ongoing dedication to security and customer satisfaction.
This Cyber News was published on msrc.microsoft.com. Publication date: Wed, 03 Jul 2024 22:43:05 +0000