Threat actors are abusing a built-in feature of Microsoft Entra ID (formerly Azure Active Directory) through a technique known as OAuth consent abuse. It is not a software vulnerability that can be patched: the attacker persuades a user to grant a malicious application delegated permissions, and that application can then read sensitive data, including the user's mailbox, without ever holding the user's password. Such applications may masquerade as well-known tools like ChatGPT. The implications for businesses relying on Entra ID for identity and access management are significant, as these attacks can lead to data breaches and compromised corporate networks.
A recent analysis by Red Canary walked through a specific scenario in which a user inadvertently granted extensive permissions to a third-party application within Entra ID. Because the access is issued through the OAuth protocol, the application receives its own tokens and never handles the credential, so password-based controls never see it. The ease with which non-administrative users can grant these permissions, wherever the tenant's user consent settings allow it, presents a considerable risk to organizational data security, as employees may not fully understand the implications of the permissions they are approving.
OAuth (Open Authorization) is a widely adopted protocol designed to allow users to grant third-party applications limited access to their data on one service without sharing their credentials. In the context of Entra ID, when a user connects a new application, they are presented with a consent prompt listing the specific permissions the application is requesting. Attackers exploit this system by crafting applications that deceptively request broad permissions, such as the Microsoft Graph delegated permission Mail.Read, which allows the app to read the user's mail. Once granted, this permission allows the malicious application to silently access and exfiltrate the contents of the user's entire inbox.
Red Canary's case study involved a corporate user who added an application resembling ChatGPT to their Entra ID tenant. The user, who was not an administrator, granted the permissions Mail.Read, offline_access, profile, and openid; offline_access is notable because it yields a refresh token, so the application's access persists after the user's session ends. While the investigation concluded that the application in this specific instance was indeed the legitimate ChatGPT service, the attack vector and the steps taken by the user mirror those observed in actual malicious campaigns. This incident, recorded on December 2, 2025, underscores the risk inherent in the consent process itself, independent of the specific application involved.
The core danger lies not with any single application but with the attack pattern that leverages OAuth consent. Any third-party application, whether intentionally malicious or a compromised legitimate service, that obtains the Mail.Read permission can read every message in the consenting user's inbox. In a real-world attack, threat actors could distribute convincing applications via phishing campaigns to harvest sensitive emails, internal communications, or even credentials embedded within correspondence. The victim would likely remain unaware of the breach until significant damage has been done.
How OAuth Consent Attacks Work Inside Entra ID
When a user consents to an application, whether the interaction began with a phishing email, social engineering, or organic discovery, Entra ID records two audit events: "Add service principal" (written when the application is registered in the tenant for the first time) and "Consent to application." These events share a common CorrelationId, which allows security teams to link them and trace the entire consent chain back to a single user action. Understanding these audit logs is paramount for detecting and responding to these attacks.
Red Canary's detection strategy focuses on identifying non-administrative consent grants to newly added third-party applications that request commonly abused OAuth scopes. A key indicator is the AppOwnerOrganizationId field in the audit logs: if it matches neither the tenant's own ID nor a known Microsoft first-party tenant ID, the application is third-party and should be treated with caution. Frequently abused scopes in these attacks include Mail.Read, Files.Read.All, Chat.Read, and Sites.Read.All, each granting access to a different class of sensitive data.
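The detection logic described above, as an added example rather than Red Canary's own code: it correlates "Add service principal" and "Consent to application" records by CorrelationId, classifies the app owner, and flags non-admin consents that include an abused scope. The audit records are constructed and deliberately simplified (real Entra exports nest these values under targetResources and modifiedProperties, so map your export's fields onto the keys used here); the tenant ID is a placeholder, and the two Microsoft tenant IDs are the commonly cited first-party values, which you should confirm against your own allow-list.

```python
from collections import defaultdict

TENANT_ID = "11111111-1111-4111-8111-111111111111"  # assumed: the defending tenant
# Commonly cited Microsoft first-party tenant IDs; maintain your own allow-list.
MICROSOFT_FIRST_PARTY_TENANTS = {
    "f8cdef31-a31e-4b4a-93e4-5f571e91255a",
    "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
ABUSED_SCOPES = {"Mail.Read", "Files.Read.All", "Chat.Read", "Sites.Read.All"}

# Constructed, simplified audit records (not real tenant data).
SAMPLE_AUDIT_LOG = [
    {"activityDisplayName": "Add service principal", "correlationId": "c-1",
     "initiatedBy": "alice@example.com", "appDisplayName": "ChatGPT",
     "appOwnerOrganizationId": "9a9a9a9a-0000-4000-8000-000000000001",
     "servicePrincipalObjectId": "sp-0001"},
    {"activityDisplayName": "Consent to application", "correlationId": "c-1",
     "initiatedBy": "alice@example.com", "appDisplayName": "ChatGPT",
     "isAdminConsent": False, "permissionGrantId": "grant-0001",
     "scope": "Mail.Read offline_access profile openid"},
    # Microsoft-owned app: owner is a first-party tenant, so not third-party.
    {"activityDisplayName": "Add service principal", "correlationId": "c-2",
     "initiatedBy": "bob@example.com", "appDisplayName": "Microsoft Teams",
     "appOwnerOrganizationId": "f8cdef31-a31e-4b4a-93e4-5f571e91255a",
     "servicePrincipalObjectId": "sp-0002"},
    {"activityDisplayName": "Consent to application", "correlationId": "c-2",
     "initiatedBy": "bob@example.com", "appDisplayName": "Microsoft Teams",
     "isAdminConsent": False, "permissionGrantId": "grant-0002",
     "scope": "Mail.Read Chat.Read"},
    # Third-party app that asked only for sign-in scopes: no data access.
    {"activityDisplayName": "Add service principal", "correlationId": "c-3",
     "initiatedBy": "carol@example.com", "appDisplayName": "Lunch Poll",
     "appOwnerOrganizationId": "9a9a9a9a-0000-4000-8000-000000000003",
     "servicePrincipalObjectId": "sp-0003"},
    {"activityDisplayName": "Consent to application", "correlationId": "c-3",
     "initiatedBy": "carol@example.com", "appDisplayName": "Lunch Poll",
     "isAdminConsent": False, "permissionGrantId": "grant-0003",
     "scope": "openid profile"},
    # Admin consent to a third-party app: outside this non-admin rule.
    {"activityDisplayName": "Add service principal", "correlationId": "c-4",
     "initiatedBy": "admin@example.com", "appDisplayName": "Contoso Backup",
     "appOwnerOrganizationId": "9a9a9a9a-0000-4000-8000-000000000004",
     "servicePrincipalObjectId": "sp-0004"},
    {"activityDisplayName": "Consent to application", "correlationId": "c-4",
     "initiatedBy": "admin@example.com", "appDisplayName": "Contoso Backup",
     "isAdminConsent": True, "permissionGrantId": "grant-0004",
     "scope": "Files.Read.All offline_access"},
]


def is_third_party(owner_org_id, tenant_id=TENANT_ID):
    """True unless the app is owned by our tenant or a Microsoft first-party tenant.
    A missing owner ID is treated as third-party so it still gets reviewed."""
    return owner_org_id not in ({tenant_id} | MICROSOFT_FIRST_PARTY_TENANTS)


def correlate_consent_chain(records):
    """Group records by CorrelationId so the 'Add service principal' and
    'Consent to application' events from one user action land together."""
    chains = defaultdict(dict)
    for rec in records:
        chains[rec["correlationId"]][rec["activityDisplayName"]] = rec
    return chains


def find_suspicious_consents(records, tenant_id=TENANT_ID, known_apps=frozenset()):
    """Non-admin consents to newly added, third-party apps requesting abused scopes."""
    findings = []
    for cid, chain in correlate_consent_chain(records).items():
        sp = chain.get("Add service principal")
        consent = chain.get("Consent to application")
        if sp is None or consent is None:
            continue  # no new service principal in this chain: app is not novel
        if consent.get("isAdminConsent"):
            continue  # admin consent is reviewed under a separate control
        if sp["appDisplayName"] in known_apps:
            continue  # previously vetted application
        if not is_third_party(sp.get("appOwnerOrganizationId"), tenant_id):
            continue
        scopes = set(consent.get("scope", "").split())
        abused = scopes & ABUSED_SCOPES
        if not abused:
            continue
        findings.append({
            "correlationId": cid,
            "user": consent["initiatedBy"],
            "app": sp["appDisplayName"],
            "abusedScopes": sorted(abused),
            "persistent": "offline_access" in scopes,  # refresh token issued
            # Both IDs are needed for remediation (revoke grant, remove SP).
            "permissionGrantId": consent["permissionGrantId"],
            "servicePrincipalObjectId": sp["servicePrincipalObjectId"],
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_consents(SAMPLE_AUDIT_LOG):
        print(finding)
```

Only the ChatGPT-lookalike chain is reported; the Microsoft-owned app fails the third-party test, the poll app requested no data scope, and the admin-consented app is excluded from this particular rule (it deserves its own review, since an admin granting Files.Read.All to a novel third-party app is still notable). The known_apps allow-list is the place to suppress applications your organization has already vetted.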
Upon confirmation of an unauthorized or malicious consent grant, immediate remediation steps are necessary. First, the OAuth permission grant must be revoked, using the grant ID obtained from the “Consent to application” audit event. Subsequently, the associated service principal should be removed from the Entra ID tenant using its object ID. Both of
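The two remediation steps above, as an added example that is not Red Canary's or Microsoft's code: it issues the Microsoft Graph calls DELETE /oauth2PermissionGrants/{id} (revoking the grant, using the ID from the "Consent to application" event) and DELETE /servicePrincipals/{id} (removing the service principal by object ID), in that order so the application loses its delegated access even if the second call fails. The access token is assumed to have already been obtained (the Graph documentation requires DelegatedPermissionGrant.ReadWrite.All and Application.ReadWrite.All for these two operations); the HTTP sender is injectable so the sequencing can be exercised without a tenant, and make_recording_sender is a test double that exists only for that purpose.

```python
import urllib.error
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def remediation_requests(grant_id, sp_object_id):
    """The Graph calls, in order: revoke the grant first, then delete the SP."""
    return [
        ("DELETE", f"{GRAPH}/oauth2PermissionGrants/{grant_id}"),
        ("DELETE", f"{GRAPH}/servicePrincipals/{sp_object_id}"),
    ]


def _http_send(method, url, headers):
    """Real sender: returns the HTTP status code (Graph answers 204 on delete)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def remediate(grant_id, sp_object_id, access_token, send=None):
    """Revoke the OAuth grant and remove the service principal.
    `send(method, url, headers) -> status` is injectable for offline testing."""
    send = send or _http_send
    headers = {"Authorization": f"Bearer {access_token}"}
    results = []
    for method, url in remediation_requests(grant_id, sp_object_id):
        status = send(method, url, headers)
        results.append((method, url, status))
        # 204 = deleted, 404 = already gone (idempotent rerun); anything else stops
        # here so a failed revocation is never silently followed by SP deletion.
        if status not in (204, 404):
            raise RuntimeError(f"{method} {url} returned HTTP {status}")
    return results


def make_recording_sender(status=204):
    """Test double (not part of any real workflow): records calls, returns `status`."""
    calls = []

    def send(method, url, headers):
        calls.append((method, url, headers["Authorization"].split(" ")[0]))
        return status

    return send, calls


if __name__ == "__main__":
    # Dry run against the recording sender; substitute a real token to act on a tenant.
    send, calls = make_recording_sender()
    for step in remediate("grant-0001", "sp-0001", "<access-token>", send=send):
        print(step)
```

Note that removing the grant and the service principal stops the application from obtaining new tokens, but Entra access tokens already issued to it remain valid until they expire, so treat the data as exposed for that window and consider revoking the affected user's sign-in sessions as well.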

