Microsoft 365 OAuth Consent Defense
OAuth consent phishing against Microsoft 365, what happens when no password is stolen
The attacker registers an app in their own tenant, tricks a user into clicking Accept, and gets Microsoft-signed …
Microsoft 365 OAuth Consent Defense
Containing an OAuth consent compromise, the four moves you have to make in order
Revoke grants. Disable the SP. Revoke refresh tokens. Tenant-block the AppId. Order matters and most SOCs do it …