Guides
Secure Access Help Center

Third-Party Apps Report

The Third-Party Apps report lists third-party cloud applications that have been authorized to access sanctioned tenant applications. This report provides visibility to the risks to which your system is exposed by third-party app authorizations.

Note: Currently the report presents information only about third-party applications authorized through Microsoft 365 tenants. You must authorize the tenant application for third-party access detection. For more information, see Enable Cloud Access Security Broker Protection for Microsoft 365 Tenants.

Third-Party Apps discovery is aggregated and processed on an hourly basis.

Table of Contents

Prerequisites

  • A minimum user role of Read-only. For more information, see Manage Accounts.

View the Third-Party Apps Report

  1. Navigate to Monitor > Reports > Third-Party Apps.
  2. View the following columns for information on third-party application access events.
  • Applications: The names of third-party applications that users have authorized through the tenant application listed under the Source column.
  • Identity: The names of users that have accessed the third-party applications. Hover over a name to see the email address for the user and the date and time of the access event.
  • Access Scope: The number of OAuth permission scopes granted to the third-party application. Click an Access Scope value to see details of permissions granted to the application.
  • Source: The tenant application from which authorization originated. Currently the report presents information only about third-party applications authorized through Microsoft 365 tenants. For more information, see Enable Cloud Access Security Broker Protection for Microsoft 365 Tenants.
  • Risk: The level of risk Secure Access has calculated for the third-party application, based on the access scope granted to the application. Levels of risk are Low, Medium, and High. Filter the report by level of risk using the filter selection to the left of the report.
  • Detected: The time and date when Secure Access detected the access event.
  1. Sort columns by Applications, Source, Risk, or Detected.
  2. Choose a time frame of application detection events. You can view the results for the last 24 hours, Yesterday, Last 7 Days, Last 30 Days, the Last Year (default), or a Custom range.
  1. Click the Refresh button at the top of the report to update results.

Search the Third-Party Apps Report

  1. Use the search bar above the report results to search by a specific application, identity, or OAuth permission scope.

Select a search result to apply it as a filter to the report columns Application, Identity, or Access Scope.

  1. Click Advanced to perform a targeted search.

Note:

  • There is a three-character minimum for search terms.
  • The search feature does not support wildcards.
  • The system does not search detail information from the Identity column.
  • Search results reflect matches found for all third-party applications that users have authorized. Results are not restricted by the time frame or filters applied to the report.

Export the Third-Party Apps Report

Click Download CSV at the top right of the report to export results in CSV format.

  • The export will include results of the time frame and filters applied to the report.
  • The file name format will be Third_Party_Apps_YYYY-MM-DDThh_mm_ss.sssZ.csv

Where:

  • YYYY-MM-DD represents the date of the download.
  • hh_mm_ss.sss represents the time of the download.

Category Details < Third-Party Apps Report > Cloud Malware Report

Updated about 1 month ago