Tag
medium
advisory
Entra ID Illicit Consent Grant via Registered Application
2 rules 3 TTPsAttackers register malicious applications within Entra ID and deceive users into granting extensive permissions through OAuth consent, enabling unauthorized access to sensitive data like emails and files.
Microsoft Entra ID
azure
entra-id
oauth
illicit-consent
2r
3t
medium
advisory
Entra ID Sharepoint or OneDrive Accessed by Unusual Client
2 rules 4 TTPsAn application accessing SharePoint Online or OneDrive for Business for the first time in a tenant could indicate OAuth phishing, illicit consent grants, or compromised third-party apps accessing file storage.
Entra ID +2
azure
sharepoint
onedrive
oauth
phishing
illicit-consent
2r
4t