Microsoft 365 OAuth Consent Defense
OAuth consent phishing against Microsoft 365, what happens when no password is stolen
The attacker registers an app in their own tenant, tricks a user into clicking Accept, and gets Microsoft-signed …
Microsoft 365 OAuth Consent Defense
Five Sentinel detections for OAuth consent attacks (with the KQL inline)
Suspicious consent grant, mass campaign, anomalous SP sign-in, post-consent credential addition, and Graph API mass read. Plus a …