Guides
ProductDeveloperPartnerPersonal
Guides
ProductDeveloperPartnerPersonal

Third-Party Apps Report

Suggest Edits

The Third-Party Apps report lists third-party cloud applications that have been authorized to access sanctioned tenant applications. This report provides visibility to the risks to which your system is exposed by third-party app authorizations.

Note: Currently the report presents information only about third-party applications authorized through Microsoft 365 tenants. See Enable Cloud Access Security Broker Features for Microsoft 365 Tenants.

Third-Party Apps discovery is aggregated and processed on an hourly basis.

Prerequisites

View the Third-Party Apps Report

To view the Third-Party Apps report:

  1. Navigate to Reporting>Additional Reports> Third-Party Apps.
  1. Select the time window for the report results. This time reflects the dates and times the third-party apps were authorized. You can view the results for the Last Year (default), Yesterday. Last 7 Days, Last 30 Days, or a Custom Range.

The Third-Party Apps report presents the following columns of information:

  • Applications

The names of third-party applications that users have authorized through the tenant application listed under the Source column.

  • Identity

The names of users that have accessed the third-party applications. Hover over a name to see the email address for the user and the time and date of access.


  • Access Scopes

The number of access permission scopes granted to the third-party application. Click on a value in the Access Scopes column to see the scopes listed by name.



  • Source

The tenant application from which authorization originated.

  • Risk

The level of risk Umbrella has calculated for the third-party application, based on the access scopes that have been granted to the application. The possible values are Low, Medium, and High. You can filter the report results by values in this column using the filter selections on the left side of the screen.

  • Detected

The time and date when Umbrella detected the access event.


Use Search

You can search the Third-Party Apps report by keywords to find specific events.

Note:

  • There is a minimum three-character limit when searching the Third-Party Apps report.
  • The search feature does not support wildcards.
  • The system does not search detail information from the Identity column.
  1. Navigate to Reporting>Core Reports> Third-Party Apps.
  2. Enter a string in the search box. Umbrella searches the report for that value in the Application, Identity, and Access Scope fields and displays matching results for all three fields. This result reflects the matches found for all third-party applications users have authorized; this result is not restricted by the time window you have applied to the report.
  1. Scroll through the results and choose a value to apply as a filter to the report.

A. Scroll through the results and click on any matching value to filter the report by that value. In the example below the report will be filtered by applications that have been granted the Access Scope "Microsoft Graph - Have full access to all files user can access."

B. Scroll to the end of the results shown for a field and click Show All to filter the report by all results that match the search term. In the example below you would click on the highlighted Show All link to filter by all applications that have "Microsoft" in their name.

The filtered search results that appear reflect matches for third-party applications that were accessed within the time window you have selected. In the example below that time window is the year 2022.


Use Advanced Search

You can search the Third-Party Apps report by keywords in selected fields to find specific access events.

Note:

  • There is a minimum three-character limit when searching the Third-Party Apps report.
  • The search feature does not support wildcards.
  • The system does not search detail information from the Identity column.
  1. Click Advanced in the search bar to bring up Advanced Search.

You can filter by specific values in the report columns Identity, Access Scope, and Application. Type the desired value in a filter field; a list of matches for that field will appear. This result reflects the matches found for all third-party applications users have accessed using credentials from tenant applications authorized for Cloud Malware protection; this result is not restricted by the time window you have applied to the report.

  1. Choose the value(s) to apply as a filter to the report.

A. Enter one or more search terms in the search box for Identity, Access Scope, or Application. Scroll through the results and click on any matching value to filter the report by that value. In the example below the report will be filtered by applications that have been granted the Access Scope Microsoft Graph - Have full access to user files.

B. Scroll to the end of the results shown for a field and click Show All to filter the report by all results that match the search term. In the example below you would click on the Show All link to filter by all applications that have an access scope with "full" in its name.

C. Repeat as needed to create a filter with the desired combination of criteria. In the example below the user has selected to filter for all instances of Netskope Activity Feeds for Microsoft Onedrive that have been granted an access scope that includes the string "full."

Note: You must select a value from the list that appears below your search term to apply that value as a filter on the report. Selected values appear in grey boxes as shown above. If no list of matches appears below your search term, there are no matches that you can apply as a filter.

  1. Click APPLY.

The report displays results matching the combined search criteria for all columns. The results are filtered by the time window you have selected.


Export the Third-Party Apps Report

You can export the Third-Party Apps report to a CSV file.

  1. Navigate to Reporting>Core Reports>Third-Party Apps.
  2. Select the time window for the report results. This time reflects the dates and times the third-party apps were accessed. You can view the results for the Last Year (default), Yesterday. Last 7 Days, Last 30 Days, or a Custom Range.
  3. Filter the report by Risk level, or use the Search or Advanced Search features to refine your results.
  4. Click Download CSV to download the report in CSV format.
  1. Navigate to your Downloads folder to view the report. The file name format will be Third_Party_Apps_YYYY-MM-DDThh_mm_ss.sssZ.csv

Where:

  • YYYY-MM-DD represents the date of the download.
  • hh_mm_ss.sss represents the time of the download.

Data Loss Protection Report < Data Loss Prevention Report

Updated about 1 month ago