Enhance security with the principle of least privilege
The information security principle of least privilege asserts that users and applications should be granted access only to the data and operations they require to perform their jobs. Follow the guidance here to help reduce the attack surface of an application and the impact of a security breach (the blast radius) should one occur in a Microsoft identity platform-integrated application.
Recommendations at a glance
Overprivileged applications
Any application that's been granted an unused or reducible permission is considered overprivileged. Unused and reducible permissions have the potential to provide unauthorized or unintended access to data or operations that the application or its users don't need to perform their jobs. Avoid the security risks posed by unused and reducible permissions by granting only the appropriate permissions: the ones with the least-permissive access required by the application or user to perform their required tasks.
Unused permissions
An unused permission is a permission that's been granted to an application, but whose API or operation (the one exposed by that permission) isn't called by the application when it's used as intended.
Reducible permissions
A reducible permission is a permission that has a lower-privileged counterpart that would still give the application and its users the access they need to perform their required tasks.
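As an added example that is not part of the article, the small audit below applies the two definitions above to an application's granted permissions and the calls it was actually observed making. The scope names are real Microsoft Graph permissions, but the resource/level classification, the read-only counterpart table and the observed call log are all constructed assumptions for this illustration, not data from Microsoft.

```python
from collections import defaultdict

# Constructed model: for each granted scope, the resource it covers and whether
# it allows writes. The classification is an assumption made for this example.
GRANTED = {
    "User.Read":       ("user", "read"),
    "Mail.ReadWrite":  ("mail", "readwrite"),
    "Files.ReadWrite": ("files", "readwrite"),
    "Calendars.Read":  ("calendars", "read"),
}

# Assumed least-privileged read-only counterpart for each read/write scope.
READ_ONLY_COUNTERPART = {
    "Mail.ReadWrite": "Mail.Read",
    "Files.ReadWrite": "Files.Read",
}

WRITE_VERBS = {"POST", "PUT", "PATCH", "DELETE"}


def audit(granted, counterparts, observed_calls):
    """Return (unused, reducible) for an application.

    observed_calls: (HTTP verb, resource) pairs the app issued when used as
    intended. A scope is unused if its resource is never touched; it is
    reducible if it allows writes but only reads were observed and a
    read-only counterpart exists.
    """
    used_levels = defaultdict(set)
    for verb, resource in observed_calls:
        level = "write" if verb.upper() in WRITE_VERBS else "read"
        used_levels[resource].add(level)

    unused, reducible = [], {}
    for scope, (resource, level) in granted.items():
        if resource not in used_levels:
            unused.append(scope)
        elif level == "readwrite" and "write" not in used_levels[resource] \
                and scope in counterparts:
            reducible[scope] = counterparts[scope]
    return sorted(unused), reducible


# Constructed sample of what the app actually calls (e.g. from a proxy log).
OBSERVED = [("GET", "user"), ("GET", "mail"), ("GET", "mail"), ("PATCH", "files")]

if __name__ == "__main__":
    unused, reducible = audit(GRANTED, READ_ONLY_COUNTERPART, OBSERVED)
    print("unused:", unused)        # ['Calendars.Read']
    print("reducible:", reducible)  # {'Mail.ReadWrite': 'Mail.Read'}
```

Feeding the audit a call log captured over a representative period, rather than a one-off run, avoids flagging a permission as unused merely because its feature wasn't exercised.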
Use consent to control access to data
Most applications require access to protected data, and the owner of that data needs to consent to that access. Consent can be granted in several ways, including by a tenant administrator who can consent for all users in an Azure AD tenant, or by the application users themselves. Whenever an application that runs on a device requests access to protected data, the application should ask for the user's consent before it is granted access to the protected data. The user is required to grant (or deny) consent for the requested permission before the application can proceed.
Least privilege during application development
The security of an application and of the user data it accesses is the responsibility of the developer. Adhere to these guidelines during application development to help avoid making it overprivileged:
Least privilege for deployed applications
Organizations often hesitate to modify running applications to avoid impacting their normal business operations. However, the risk of a security incident that overprivileged permissions make possible, or make more severe, is worth a scheduled application update. Make the following standard practices in an organization to help ensure that deployed applications aren't overprivileged and don't become overprivileged over time:
Next steps
What security implementation principle is used for granting users only the rights that are necessary for them to perform their work?
The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access, or permissions, needed to perform their job functions.
What is the principle of limited privilege?
The principle of least privilege addresses access control and states that an individual should have only the minimum access privileges necessary to perform a specific job or task and nothing more.
What are three principles of least privilege?
Best practices for implementing the principle of least privilege (PoLP) include: conduct a privilege audit, checking all existing accounts, processes, and programs to ensure that they have only the permissions required to do the job; and start all accounts with least privilege.
Which design principle of security states that a subject should be given only those privileges that it requires?
The principle of least privilege states that a subject should be given only those privileges needed for it to complete its task. If a subject does not need an access right, the subject should not have that right. Further, the function of the subject (as opposed to its identity) should control the assignment of rights.