Potantially malicious "Tutorial Sample App" application in my Microsoft 365 App dashboard

Guiadem , Grace 50 Reputation points
2023-09-22T15:52:16.43+00:00

So there is an "Tutorial Sample App" application in my Microsoft 365 store that i can remember to have created, but i'm marked as the creator of the app. The App has all possible Role Permissions. I received this email from microsoft about that it can be a malware. Is it possible that this app comes from whatever self-created sample app from microsoft, since after googling i noticed that the app id is often use in microsoft sample projects ?

Mail from microsoftBildschirmfoto vom 2023-09-22 17-47-59

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,738 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,372 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 32,311 Reputation points Microsoft Employee
    2023-09-25T07:30:54.4466667+00:00

    @Guiadem , Grace Thank you for reaching out to us, As I understand you are looking for more details on the email which was sent to you regarding this app "Tutorial Sample App, 6731de76-14a6-49ae-97bc-6eba6914391e"

    Researched on this email alert, here is the below information which I have got Incident Repudiation Management and Abuse Prevention team disabled an application called Tutorial Sample App, 6731de76-14a6-49ae-97bc-6eba6914391e, in response to a report that this app (a Microsoft FTE-owned sample app in microsoftaccounts) had more privileges than required, hence we disabled this app as a security measure.

    This app was meant to be illustrative, if you are using this app for any testing, make sure you revisit the user consent permissions and also refer to this link for more information - https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/protect-against-consent-phishing#mitigating-consent-phishing-attacks-using-azure-ad

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.


1 additional answer

Sort by: Most helpful
  1. Mary Baddam 15 Reputation points
    2023-09-25T13:39:22.6466667+00:00

    This certainly helps. It would have been better if Microsoft would have had some sort of communication that this was a test by them instead of leaving the users worried and guessing.

    3 people found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.