OAuth Consent Attacks in Entra ID Let Apps Like ChatGPT Read All User Emails


Attackers abuse OAuth consent in Microsoft Entra ID to access user inboxes without passwords. Malicious apps mimic tools like ChatGPT and request permissions such as Mail.Read. Users grant access via prompts. Red Canary reports: “Non-admin consents to third-party apps with risky scopes enable silent email harvesting.”

Entra ID manages application consent for Microsoft services. Attackers register an app that requests scopes such as Mail.Read, offline_access, profile, and openid, then phish a user into approving the consent prompt. Once approved, the app reads the user's entire mailbox quietly, with no password and no further interaction.

Red Canary spotted a case in which [email protected] consented to ChatGPT on December 2, 2025, from IP 3.89.177.26, and traced it through the Entra audit logs. That consent was legitimate, but the same sequence of events is what a real attack produces.

Default settings let non-admins approve low-risk apps, so a single click can expose organisational data. The scopes attackers abuse reach email, files, chats, and SharePoint sites.

Attack Flow

Steps attackers follow.

  • Register app with Entra ID.
  • Phish consent link to user.
  • User approves; the audit log records Add service principal and Consent to application events.
  • App reads inbox via Mail.Read.

Key log fields: CorrelationId links the two events; AppOwnerOrganizationId identifies the app's owning tenant, which flags third-party apps.

Risky OAuth Scopes

Common in attacks.

Scope            Access Granted
Mail.Read        Full inbox read
Files.Read.All   All OneDrive/SharePoint files
Chat.Read        Teams messages
Sites.Read.All   SharePoint sites

Detection and Remediation

Hunt and fix fast.

Detection:

  • Query Entra audit logs for non-admin consents.
  • Flag new third-party apps (AppOwnerOrganizationId that does not match your tenant).
  • Watch scopes like Mail.Read.
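A hunting check along the lines above, as an added example that is not from the article or from Red Canary: it groups Entra directoryAudits entries by CorrelationId, reads the scope list out of ConsentAction.Permissions and the owning tenant out of AppOwnerOrganizationId, and reports non-admin consents to third-party apps that include a risky scope. The log entries, tenant ID and admin list are constructed placeholders, and the record shape is simplified from the real directoryAudits schema.

```python
import re

# Scopes the article lists as the ones most often abused in consent attacks.
RISKY_SCOPES = {"Mail.Read", "Files.Read.All", "Chat.Read", "Sites.Read.All"}
# Constructed placeholders: the real tenant ID and admin list come from your directory.
HOME_TENANT_ID = "11111111-1111-1111-1111-111111111111"
ADMIN_UPNS = {"admin@example.com"}
SCOPE_RE = re.compile(r"Scope:\s*([^,\]]+)")  # pulls the space-separated scope list

# Constructed, simplified entries in the shape of Entra directoryAudits records (not real data).
SAMPLE_AUDIT_LOG = [
    {"activityDisplayName": "Add service principal", "correlationId": "c-001",
     "initiatedBy": {"user": {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10"}},
     "targetResources": [{"displayName": "ChatGPT", "modifiedProperties": [
         {"displayName": "AppOwnerOrganizationId", "newValue": "22222222-2222-2222-2222-222222222222"}]}]},
    {"activityDisplayName": "Consent to application", "correlationId": "c-001",
     "initiatedBy": {"user": {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10"}},
     "targetResources": [{"displayName": "ChatGPT", "modifiedProperties": [
         {"displayName": "ConsentAction.Permissions",
          "newValue": "[] => [[ConsentType: Principal, Scope: Mail.Read offline_access openid profile]]"}]}]},
    {"activityDisplayName": "Consent to application", "correlationId": "c-002",
     "initiatedBy": {"user": {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.11"}},
     "targetResources": [{"displayName": "Internal Timesheet", "modifiedProperties": [
         {"displayName": "AppOwnerOrganizationId", "newValue": HOME_TENANT_ID},
         {"displayName": "ConsentAction.Permissions",
          "newValue": "[] => [[ConsentType: Principal, Scope: User.Read openid]]"}]}]},
]

def find_risky_consents(entries):
    """One finding per CorrelationId where a non-admin consented to a third-party app
    (AppOwnerOrganizationId not our tenant, or unknown) with at least one risky scope.
    modifiedProperties are merged across correlated events: owner from the SP add, scopes from the consent."""
    groups = {}
    for e in entries:
        groups.setdefault(e["correlationId"], []).append(e)
    findings = []
    for corr, events in groups.items():
        consent = next((e for e in events if e["activityDisplayName"] == "Consent to application"), None)
        if consent is None:
            continue  # an Add service principal event alone is not a grant
        props = {p["displayName"]: p["newValue"]
                 for e in events for t in e["targetResources"] for p in t["modifiedProperties"]}
        m = SCOPE_RE.search(props.get("ConsentAction.Permissions", ""))
        risky = sorted(set(m.group(1).split()) & RISKY_SCOPES) if m else []
        user = consent["initiatedBy"]["user"]
        third_party = props.get("AppOwnerOrganizationId") != HOME_TENANT_ID
        if risky and third_party and user["userPrincipalName"] not in ADMIN_UPNS:
            findings.append({"correlationId": corr, "user": user["userPrincipalName"],
                             "ip": user.get("ipAddress"), "app": consent["targetResources"][0]["displayName"],
                             "riskyScopes": risky})
    return findings
```

Running find_risky_consents(SAMPLE_AUDIT_LOG) reports only c-001 (ChatGPT, alice, Mail.Read); the first-party consent under c-002 is not flagged.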

Remediation:

  • Revoke the grant: use Microsoft Graph PowerShell with the OAuth2 permission grant ID.
  • Delete the service principal: use its object ID.
  • The commands are in the Red Canary guide.

Prevention:

  • Set admin approval for all consents.
  • Limit to verified publishers.
  • Apply Microsoft default guidelines.

FAQ

How do OAuth attacks work in Entra ID?

Users consent to malicious apps that request Mail.Read and similar scopes, which gives the app access to their inbox.

What logs show consent abuse?

Add service principal and Consent to application with shared CorrelationId.

Can non-admins cause breaches?

Yes, defaults allow it for low-risk apps.

How to revoke access?

Use Microsoft Graph PowerShell on grant and object IDs.

What are top risky scopes?

Mail.Read, Files.Read.All, Chat.Read, Sites.Read.All.
