Microsoft, please, follow your own guidance please!
Hi, as partners and app publishers we need to make every part of our customer-facing apps and services secure. And this is the right way. Mandate MFA, mandate App certifications and ISV verification. Require only secured endpoints for AAD apps and all these things.
But, Microsoft, please. Follow this same guidance for your own apps which you develop for partners. Like today, I was asked to approve the incentive CHIP app, Channel Incentives Program. And what do you think?
The app has no verified developer, no publisher name, no Terms or Privacy links, and runs on HTTP endpoints, even a localhost one. So please, go and fix your own app to look secure, because it is easy to approve something that is not coming from you, because we cannot distinguish between crap phishing OAuth illicit grant apps and your partner-facing apps.
Thanks in advance!
