back to article Microsoft 365 guest accounts + Power Apps = security nightmare

Microsoft 365 guest accounts aren't nearly as secure as Redmond would lead customers to believe, as low-code security expert Michael Bargury demonstrated at Black Hat. Guest accounts are commonly used by Microsoft shops to give non-employees access to their 365 tenancy with limited permissions, usually just access to a Teams …

  1. Scott 26
    Mushroom

    Great. Looks like I have some work to do this morning - or at the least, tell my client's internal PA team, THEY have some work to do.

  2. thondwe

    Not just Guest accounts if you have a population of Students for example...

    1. Mungo Bung

      "Just stick students and staff in the same tenant - what could possibly go wrong?" *headdesk*

  3. MiguelC Silver badge

    Re: "that shouldn't matter if a company is practicing good access management." That would be true, but it's here that Bargury's experience as co-founder and CTO of Zenity, a low-code/no-code security and governance platform, comes into play: he says many companies aren't.

    That's where the problem lies, because if it wasn't PowerApps it would be something else.

  4. Claptrap314 Silver badge

    Who would have guest...

    that a m$ product was insecure?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like