March 2, 2026

Threat actors are exploiting Microsoft Entra ID through Open Authorization (OAuth) consent abuse, using seemingly legitimate third-party apps, including those branded like ChatGPT, to gain access to corporate email without stealing passwords. The technique relies on users approving sensitive permissions, allowing attackers to read inboxes silently once consent is granted.
OAuth enables applications to access user data with permission. In Entra ID, when a user connects a third-party application, a consent prompt lists requested permissions. If a user approves scopes such as Mail.Read, the application can access the contents of that user’s mailbox.
Red Canary documented a case in which a corporate user added ChatGPT as a third-party service principal within an Entra ID tenant and approved Mail.Read, offline_access, profile and openid permissions. The activity occurred on Dec. 2, 2025, at 20:22:16 UTC and was traced to IP address 3.89.177.26. In that instance, the application was confirmed to be the legitimate OpenAI-owned ChatGPT, but the investigation mirrored patterns previously observed in real-world attacks.
The risk lies in the consent model itself. By default, Entra ID allows standard, non-admin users to authorize applications requesting permissions that do not require administrative approval. That means a single employee can grant an external app the ability to read corporate email if Mail.Read or similar scopes are approved.
Commonly abused permissions include Mail.Read, Files.Read.All, Chat.Read and Sites.Read.All. Entra ID logs two audit events during the process – “Add service principal” and “Consent to application” – which share a CorrelationId that can help security teams trace the sequence of actions. Red Canary notes that the AppOwnerOrganizationId field can indicate whether an application is third-party and warrants scrutiny.
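The correlation the article describes, as an added example rather than code from the article or from Red Canary: join the "Add service principal" and "Consent to application" audit events on their shared CorrelationId, then flag chains where a sensitive scope was granted to an app whose AppOwnerOrganizationId is not our own tenant. The flat record layout is a constructed stand-in for the nested objects Get-MgAuditLogDirectoryAudit returns; ActivityDisplayName, CorrelationId and AppOwnerOrganizationId are real field names, while InitiatedByUpn, InitiatedByIp, AppDisplayName and Scope are assumptions made for the example.

```powershell
# Added example (not code from the article or Red Canary). Runs offline on the
# constructed records below; see the note after the block for feeding real audit data.

$HomeTenantId    = '11111111-1111-1111-1111-111111111111'   # constructed: our own tenant id
$SensitiveScopes = 'Mail.Read', 'Mail.ReadWrite', 'Files.Read.All', 'Chat.Read', 'Sites.Read.All'

# Constructed audit records. The first pair reuses the timestamp, IP and scopes the article
# reports for the Red Canary case; the third record is a benign first-party consent for contrast.
$AuditRecords = @(
    [pscustomobject]@{ ActivityDisplayName = 'Add service principal';  CorrelationId = 'corr-001'
                       ActivityDateTime = [datetime]'2025-12-02T20:22:16Z'; InitiatedByUpn = 'user@example.com'
                       InitiatedByIp = '3.89.177.26'; AppDisplayName = 'ChatGPT'
                       AppOwnerOrganizationId = '22222222-2222-2222-2222-222222222222'; Scope = $null }
    [pscustomobject]@{ ActivityDisplayName = 'Consent to application'; CorrelationId = 'corr-001'
                       ActivityDateTime = [datetime]'2025-12-02T20:22:16Z'; InitiatedByUpn = 'user@example.com'
                       InitiatedByIp = '3.89.177.26'; AppDisplayName = 'ChatGPT'
                       AppOwnerOrganizationId = $null; Scope = 'Mail.Read offline_access profile openid' }
    [pscustomobject]@{ ActivityDisplayName = 'Consent to application'; CorrelationId = 'corr-002'
                       ActivityDateTime = [datetime]'2025-12-03T09:00:00Z'; InitiatedByUpn = 'other@example.com'
                       InitiatedByIp = '203.0.113.7'; AppDisplayName = 'Internal LOB app'
                       AppOwnerOrganizationId = '11111111-1111-1111-1111-111111111111'; Scope = 'User.Read openid' }
)

function Find-RiskyConsent {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string]   $TenantId,
        [string[]] $Sensitive = $SensitiveScopes
    )
    # One group per CorrelationId: the two events of a single consent flow land in the same group
    foreach ($chain in ($Records | Group-Object -Property CorrelationId)) {
        $consent = $chain.Group | Where-Object ActivityDisplayName -eq 'Consent to application' | Select-Object -First 1
        if (-not $consent) { continue }   # service principal added but nothing consented yet: nothing to grade
        $added = $chain.Group | Where-Object ActivityDisplayName -eq 'Add service principal' | Select-Object -First 1

        # Take the owner org from whichever event carries it. A missing value is treated as
        # third-party on purpose, so the chain still surfaces for review.
        $ownerId    = @($added.AppOwnerOrganizationId, $consent.AppOwnerOrganizationId) |
                      Where-Object { $_ } | Select-Object -First 1
        $thirdParty = ($ownerId -ne $TenantId)

        # Scopes are space-separated in the consent event; keep only the ones on our watch list
        $granted = @($consent.Scope -split '\s+' | Where-Object { $_ })
        $hits    = @($granted | Where-Object { $Sensitive -contains $_ })

        [pscustomobject]@{
            CorrelationId       = $chain.Name
            When                = $consent.ActivityDateTime
            User                = $consent.InitiatedByUpn
            SourceIp            = $consent.InitiatedByIp
            App                 = $consent.AppDisplayName
            NewServicePrincipal = [bool]$added        # true when the app was first added in this same flow
            ThirdParty          = $thirdParty
            SensitiveScopes     = ($hits -join ' ')
            Risky               = ($thirdParty -and $hits.Count -gt 0)
        }
    }
}

# On the sample data only corr-001 (ChatGPT, Mail.Read, foreign owner) is reported
Find-RiskyConsent -Records $AuditRecords -TenantId $HomeTenantId |
    Where-Object Risky |
    Format-Table CorrelationId, When, User, SourceIp, App, NewServicePrincipal, SensitiveScopes -AutoSize
```

To run this against a tenant, pull both event types with Get-MgAuditLogDirectoryAudit and map each record's nested InitiatedBy and TargetResources/ModifiedProperties values onto the flat fields the function expects; the grouping and scope logic stays the same.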
If a malicious or unsanctioned consent is identified, remediation involves revoking the OAuth grant using the associated grant ID and removing the service principal from the tenant, both of which can be executed through Microsoft Graph PowerShell.
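The two remediation steps in Microsoft Graph PowerShell, as an added example that is not the article's or Red Canary's own script. It assumes the Microsoft.Graph module is installed and that the signed-in account may delete grants and service principals; $AppId is a placeholder for the appId of the application being removed.

```powershell
# Added example (not from the article). Revoke every delegated grant attached to an
# app's service principal, then remove the service principal itself.

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'DelegatedPermissionGrant.ReadWrite.All'

$AppId = '00000000-0000-0000-0000-000000000000'   # placeholder: appId of the unsanctioned app

# 1. Locate the service principal the app created in our tenant; AppOwnerOrganizationId
#    shows which organization owns the app and is a quick third-party sanity check.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }
"Removing '$($sp.DisplayName)' (objectId $($sp.Id), owner org $($sp.AppOwnerOrganizationId))"

# 2. Enumerate the OAuth grants first, so the consenting users and scopes are on record
#    (e.g. in the incident ticket) before anything is deleted.
$grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All
$grants | Select-Object Id, ConsentType, PrincipalId, Scope | Format-Table -AutoSize

# 3. Revoke each grant by its grant ID, then remove the service principal. With the
#    service principal gone, existing tokens stop being refreshable for this app.
foreach ($g in $grants) {
    Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $g.Id -Confirm:$false
}
Remove-MgServicePrincipal -ServicePrincipalId $sp.Id -Confirm:$false
```

Dropping the -Confirm:$false switches turns both removals into prompted operations, which is the safer default when the script is run interactively during an investigation.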
Microsoft offers configurable consent policies. Organizations can require administrator approval for all application consents, restrict approvals to verified publishers with low-risk permissions or apply Microsoft’s recommended guidelines that balance usability and control.
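The first two of those policy options expressed with Microsoft Graph PowerShell, as an added example not taken from the article. It assumes a session holding Policy.ReadWrite.Authorization; the built-in policy id ManagePermissionGrantsForSelf.microsoft-user-default-low is Microsoft's "verified publisher, low-impact permissions" policy, and an empty assignment list means users cannot self-consent at all.

```powershell
# Added example (not from the article). Tighten which apps ordinary users may consent to.

Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'

# Option A: every consent goes through an administrator (no self-service grant policy assigned)
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    PermissionGrantPoliciesAssigned = @()
}

# Option B: users may consent only to verified-publisher apps asking for low-impact permissions
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    PermissionGrantPoliciesAssigned = @('ManagePermissionGrantsForSelf.microsoft-user-default-low')
}

# List the built-in grant policies available in the tenant, e.g. to pick the
# Microsoft-recommended one instead of hard-coding its id here
Get-MgPolicyPermissionGrantPolicy | Select-Object Id, DisplayName

# Verify what is currently in force
(Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
```

Pick one of the two Update-MgPolicyAuthorizationPolicy calls; the second overwrites the first, since the assignment list replaces rather than appends. Option A only works in practice alongside an admin consent request workflow, otherwise users have no path to request a legitimate integration.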
For security leaders, the issue shows that OAuth consent flows are now a primary vector for mailbox compromise. Governance over user-level permissions and audit visibility inside identity systems is increasingly central to email security posture.
