Hi @Tilman Schmidt
Thank you for posting your query on Microsoft Q&A.
I understand that you have enabled mandatory multi-factor authentication for all your users via a Conditional Access policy, but the Conditional Access policy is not applied to the application "Office 365 Management". Since the authentication requirement is listed as single-factor authentication, it indicates that the app is not enforcing multi-factor authentication (MFA), which suggests a potential gap in your security policies.
There are several reasons this could happen:
1. Excluded App: It's possible that your Conditional Access policies explicitly exclude this application, either because it's been configured as a trusted application or because it requires a different policy. You should check the details of your Conditional Access policies to ensure this app is included.
2. App Permissions: This application might use a different authentication method or have a different scope, such as relying on legacy authentication protocols or service principal authentication, which wouldn't be subject to user-based Conditional Access policies.
If an attacker gains access to the Office 365 Management app using stolen credentials, they could perform several harmful actions:
1. Credential Checking: The attacker can verify whether their stolen credentials are valid by attempting to log in.
2. User Management: If they gain sufficient permissions, they could add or remove users, reset passwords, or change user roles, potentially compromising further accounts.
3. Data Access: Depending on the permissions granted to the app, an attacker could access sensitive organizational data stored within Microsoft 365 services.
So, to solve the issue, you need to:
1. Review Conditional Access Policies: Verify that all your Conditional Access policies are configured to cover administrative apps like Office 365 Management, particularly ensuring that MFA is required for all access to administrative tools.
2. Check Legacy Authentication: If your organization allows legacy authentication methods (such as Basic Auth), ensure that these are disabled, as they are more susceptible to bypassing MFA.
Hope this helps. Do let us know if you have any further queries.
------------
If this answers your query, do click `Accept Answer` and `Yes` if this answer is helpful.
Thanks,
B. Siri Chandana.
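As an added check that is not part of the answer above: a Microsoft Graph PowerShell script that pulls the app's recent single-factor sign-ins (grouped by the client used, which exposes legacy protocols such as IMAP4, POP3, SMTP or Exchange ActiveSync) and then lists which Conditional Access policies require MFA and actually include or exclude that app. It assumes the Microsoft.Graph SDK is installed, that the signed-in account holds Policy.Read.All and AuditLog.Read.All, and that the default app name and the 7-day window are placeholders to adjust.

```powershell
# Added check (not from the answer above): which Conditional Access policies reach an app,
# and what single-factor sign-ins to it look like. Requires the Microsoft.Graph SDK
# (Install-Module Microsoft.Graph) and an account with Policy.Read.All + AuditLog.Read.All.
param(
    [string]$AppDisplayName = "Office 365 Management",   # app name as shown in the sign-in log (assumed)
    [int]$LookbackDays = 7                               # assumed window for the sign-in query
)
Connect-MgGraph -Scopes "Policy.Read.All", "AuditLog.Read.All" -NoWelcome

# 1. Recent sign-ins to the app. Each record carries the AppId needed for the policy check and
#    the client used, so legacy protocols show up here as their own group.
$since   = (Get-Date).ToUniversalTime().AddDays(-$LookbackDays).ToString("yyyy-MM-ddTHH:mm:ssZ")
$signIns = Get-MgAuditLogSignIn -All -Filter "createdDateTime ge $since and appDisplayName eq '$AppDisplayName'"
if (-not $signIns) { Write-Warning "No sign-ins to '$AppDisplayName' in the last $LookbackDays days."; return }
$appId = ($signIns | Select-Object -First 1).AppId

Write-Host "`nSingle-factor sign-ins to '$AppDisplayName' ($appId), grouped by client and CA status:"
$signIns |
    Where-Object { $_.AuthenticationRequirement -eq 'singleFactorAuthentication' } |
    Group-Object ClientAppUsed, ConditionalAccessStatus |
    Select-Object Count, Name |
    Sort-Object Count -Descending | Format-Table -AutoSize

# 2. Which Conditional Access policies require MFA and actually reach this app?
#    A policy covers the app when its include list is 'All' or names the AppId and its exclude
#    list does not name the AppId. User, group and role exclusions are not evaluated here, so a
#    policy that shows as covering the app can still skip an excluded user.
Write-Host "Conditional Access policy coverage for AppId $appId :"
Get-MgIdentityConditionalAccessPolicy -All | ForEach-Object {
    $apps = $_.Conditions.Applications
    $mfa  = ($_.GrantControls.BuiltInControls -contains 'mfa') -or
            ($null -ne $_.GrantControls.AuthenticationStrength.Id)   # authentication-strength policies also enforce MFA
    [pscustomobject]@{
        Policy      = $_.DisplayName
        State       = $_.State                                        # only 'enabled' policies enforce anything
        RequiresMfa = $mfa
        IncludesApp = ($apps.IncludeApplications -contains 'All') -or ($apps.IncludeApplications -contains $appId)
        ExcludesApp = $apps.ExcludeApplications -contains $appId
    }
} | Sort-Object RequiresMfa, IncludesApp -Descending | Format-Table -AutoSize
```

A row with RequiresMfa true, IncludesApp true, ExcludesApp false and State enabled is the policy you expect to see; if none exists, or the single-factor sign-ins report a legacy client, that is the gap to close.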