Security and best practices
You can use these security best practices to reduce risks and maintain a secure environment.
- Principle of least privilege: Grant only the minimum permissions required for the RPA workflows.
- Grant appropriate permissions: When using application permissions, configure the APIs with controlled access. Access must be limited to only the mailboxes, sites, or files required for the specific use case.
- Secret management: Store client secrets securely and rotate them before they expire.
- Monitoring: Review application access logs regularly in Azure AD.
- Documentation: Maintain records of the permissions used and of the RPA processes for which those permissions are configured.
Security risk and considerations for application permission
This section lists the potential security risks of application permissions and the points to consider when granting them.
- Broad access scope (highest risk)
  Application permissions grant access to ALL resources in the tenant, not just specific users or resources.
  For example:
  - Mail.Read with application permission: Reads ALL mailboxes in the organization.
  - Files.ReadWrite.All: Accesses ALL files across ALL users' OneDrive and SharePoint sites.
  - Sites.ReadWrite.All: Modifies ANY SharePoint site in the tenant.
  A compromised application or leaked credentials can expose the data of the entire organization.
  Points to consider:
  - Request minimum permissions: Request only the permissions that are strictly required.
  - Use delegated permissions when possible: Use delegated permissions instead of application permissions if user-specific access is sufficient.
  - Restrict resource access: Limit access to only the required mailboxes, sites, or files. For example, access can be restricted to a specific mailbox or site by using the Account property available in the activity. This ensures that access is granted only to the specified account.
- No user context or consent
  Application permissions bypass individual user consent and operate without user awareness.
  - Lack of user awareness: Users are not aware when their data is being accessed.
  - Limited audit trail: No audit trail links actions to specific users.
  - Reduced traceability: It is difficult to identify who initiated automated actions.
  - Compliance risks: Can lead to compliance issues with data privacy regulations such as GDPR and HIPAA.
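The "Restrict resource access" point above relies on the Account property in the activity, which scopes what the workflow asks for. As an added example that is not part of this page's product documentation, the following Exchange Online PowerShell adds a tenant-side enforcement for the same goal: an application access policy that limits an app holding Mail.Read application permission to the mailboxes in one mail-enabled security group. The app ID, the group address, and the contoso.com mailboxes are placeholders.

```powershell
# Added example, not from the original page. Requires the ExchangeOnlineManagement
# module; <app-id>, the group address and the mailboxes are placeholders.
Connect-ExchangeOnline

# Scope the RPA app's Mail.Read application permission to the members of one
# mail-enabled security group instead of every mailbox in the tenant.
New-ApplicationAccessPolicy `
    -AppId "<app-id>" `
    -PolicyScopeGroupId "rpa-mailboxes@contoso.com" `
    -AccessRight RestrictAccess `
    -Description "Restrict RPA app to the RPA mailbox group"

# Verify the policy: a mailbox in the group should report AccessCheckResult = Granted,
# any other mailbox should report Denied.
Test-ApplicationAccessPolicy -Identity "finance-bot@contoso.com" -AppId "<app-id>"
Test-ApplicationAccessPolicy -Identity "ceo@contoso.com" -AppId "<app-id>"
```

Application access policies cover only Exchange Online resources (mail, calendar, contacts); for SharePoint and OneDrive the equivalent control is the Sites.Selected permission with per-site grants rather than Sites.ReadWrite.All.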