Product: ITDR
Environment: Rogue Applications
Summary: How to remove a rogue application from a Microsoft 365 tenant.
Removing a Rogue Application from a Tenant
This article describes the steps necessary to completely remediate an identified Rogue Application within a Microsoft 365 tenant. During Early Access of the Rogue Applications capability, please follow the steps below to prevent malicious actors from accessing your Microsoft environment.
Step 1.
Navigate to the Azure portal for the tenant (portal.azure.com).
Step 2.
Click on the Enterprise Applications widget within Azure or type “Enterprise Applications” into the Azure search bar.
Locate the entry for the Rogue Application in question and click on it.
Step 3.
Click on the properties tab on the left navigation bar.
Step 4.
There are two options to remediate usage of the application.
Option 1 (Recommended)
- Click the delete button to completely delete the application from the tenant
- Revoke all active sessions for all identities using the application
Option 2
- Select “No” for the “Enabled for users to sign-in?” option
- Revoke all active sessions for all identities using the application