Cybercriminals are exploiting trusted platforms, and Microsoft Entra ID is increasingly vulnerable due to a method called OAuth consent abuse. This tactic allows rogue applications, which mimic trusted tools like ChatGPT, to access corporate email accounts without requiring user passwords.
Understanding OAuth Consent Abuse
OAuth, or Open Authorization, is a widely used protocol that permits applications to access a user’s data with their consent. In the case of Entra ID, when users link a third-party application to their Microsoft account, they see a consent prompt detailing the permissions requested by the app. Attackers exploit this by designing applications that seek sensitive permissions such as Mail.Read, allowing them full access to the user’s email once consent is given.
Analysts from Red Canary documented a scenario where a corporate user, identified as [email protected], linked ChatGPT as a third-party service in an Entra ID tenant. As a non-admin, the user consented to several OAuth permissions, including Mail.Read, offline_access, profile, and openid. Despite this particular application being legitimate, the investigative steps mirrored real-world incidents previously observed by Red Canary.
The Risks of Unchecked Permissions
The real threat is not limited to ChatGPT itself but lies in the attack pattern. Any application that secures the Mail.Read permission with user consent can surreptitiously access all emails in the targeted inbox. In a successful attack, a malicious actor might craft a seemingly innocuous app, distribute it via phishing links, and then collect sensitive emails and credentials without the victim’s knowledge.
This risk is exacerbated by Entra ID’s default setting, which allows standard users to grant permissions that do not require administrative approval. Consequently, a single employee can inadvertently expose sensitive data by approving what appears to be a routine app connection.
Detection and Prevention Measures
Within Entra ID, when a user is prompted to connect an application—whether via phishing, social engineering, or legitimate means—two specific audit log events are recorded: “Add service principal” and “Consent to application.” These events share a CorrelationId, enabling security teams to trace the consent chain to a single user action.
Red Canary’s detection strategy focuses on identifying non-admin consent grants tied to new third-party applications with commonly abused OAuth scopes. A key sign is when the AppOwnerOrganizationId in the audit log does not match the tenant’s ID or known Microsoft identifiers, indicating a third-party application that warrants scrutiny. Commonly abused scopes include Mail.Read, Files.Read.All, Chat.Read, and Sites.Read.All.
Upon confirming a malicious consent grant, immediate steps include revoking the OAuth permission using the grant ID from the audit event and removing the service principal using its object ID. These actions can be executed with Microsoft Graph PowerShell commands.
For preventive measures, Microsoft offers three consent policy configurations. The most secure requires administrator approval for all consent requests, eliminating the risk of non-admin users authorizing any applications. A balanced option restricts consent to verified publishers with low-risk permissions. Microsoft’s recommended setup applies user consent guidelines to balance security with operational ease.
