Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Agency-reported issue: MS.TEAMS.5.1v1 displays warning for Microsoft apps #1495

Open
mitchelbaker-cisa opened this issue Jan 6, 2025 · 2 comments · May be fixed by #1601
Open

Agency-reported issue: MS.TEAMS.5.1v1 displays warning for Microsoft apps #1495

mitchelbaker-cisa opened this issue Jan 6, 2025 · 2 comments · May be fixed by #1601
Assignees
@nanda-katikaneni
Labels
bug This issue or pull request addresses broken functionality
Milestone
Marlin

Comments

@mitchelbaker-cisa
Copy link
Collaborator

mitchelbaker-cisa commented Jan 6, 2025
edited
Loading

🐛 Summary

MS.TEAMS.5.1v1 states the following, "Agencies SHOULD only allow installation of Microsoft apps approved by the agency."

We received a public report that M365-Teams-App-Permission and M365-Teams-ThirdParty-App-Permission may be incorrect in the report output. Determine if the Rego for this policy needs to be tweaked.

Image

To reproduce

Steps to reproduce the behavior:

  1. Recommend going into the respective admin console for Teams to see how we can best replicate this scenario. MS.TEAMS.5.1v1 implementation instructions.

Expected behavior

  • MS.TEAMS.5.1v1 should report specifically on Microsoft applications
  • MS.TEAMS.5.2v1 should report specifically on third-party applications
  • MS.TEAMS.5.3v1 should report specifically on custom applications
@mitchelbaker-cisa mitchelbaker-cisa changed the title Agency-reported issue: MS.TEAMS.5.1v1 displays warning on Microsoft apps Agency-reported issue: MS.TEAMS.5.1v1 displays warning for Microsoft apps Jan 6, 2025
@schrolla schrolla added this to the Marlin milestone Jan 6, 2025
@schrolla schrolla added the bug This issue or pull request addresses broken functionality label Jan 6, 2025
@nanda-katikaneni nanda-katikaneni self-assigned this Feb 10, 2025
@mitchelbaker-cisa
Copy link
Collaborator Author

@nanda-katikaneni First let's speak with the agency POC to determine if the policy can be configured correctly on their end. Based on their screenshot M365-Teams-App-Permission seems like a Microsoft-specific policy, whereas M365-Teams-ThirdParty-App-Permission is applicable to third-party applications. This may simply be a misconfiguration on the agency's part and may not require code changes. If true then we can close as not implemented.

@nanda-katikaneni
Copy link
Collaborator

Emailed the agency POC and waiting for the response (02/13).

@nanda-katikaneni nanda-katikaneni linked a pull request Feb 27, 2025 that will close this issue
Open
21 tasks
@nanda-katikaneni nanda-katikaneni linked a pull request Feb 27, 2025 that will close this issue
MS.TEAMS.5.xv1 - update warning message to reflect the correct reason for the policy fail (public reported issue) #1601
Open
21 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nanda-katikaneni nanda-katikaneni

Labels
bug This issue or pull request addresses broken functionality
Projects
None yet
Milestone
Marlin
3 participants
@nanda-katikaneni @schrolla @mitchelbaker-cisa