ChatGPT in your inbox? Investigating Entra apps that request unexpected permissions
Source: Dev.to
Overview
The article examines OAuth consent (illicit consent grant) attacks in Entra ID, showing how a threat actor can sidestep MFA and other strong authentication: the attacker never needs the user's credentials, because the user completes a legitimate Microsoft sign-in and then grants the attacker's application an OAuth token through the consent prompt. A hypothetical "ChatGPT-themed" service principal is used to illustrate how users may be tricked into granting sensitive delegated permissions such as Mail.Read.
Attack Mechanics
Threat‑actor workflow
- Create a malicious application that mimics a legitimate ChatGPT integration (registered in the attacker's own tenant and marked multi-tenant, so it can be consented to from any tenant).
- Present a consent prompt to the target user, requesting risky delegated scopes (e.g., Mail.Read).
- The user grants consent, resulting in a service principal in the victim tenant that holds the requested permissions and can obtain tokens for that user's data.
Key AuditLog events for detection
- Consent to application – records when a user approves an application’s permission request.
- Add service principal – logs the creation of a new service principal in the tenant.
These events are essential for identifying unauthorized consent grants. For a multi-tenant app registered in the attacker's tenant, the service principal is created in the victim tenant at the moment of first consent, so the two events typically appear within seconds of each other.
Detection Strategies
- Monitor non‑admin consent for high‑risk scopes in third‑party applications.
- Correlate the "Consent to application" event with a recent "Add service principal" event for the same service principal to spot newly introduced malicious apps.
- Set alerts on consent to privileged scopes (e.g., Mail.Read, Mail.Send) for applications that are not part of the organization's approved app catalog.
Remediation
Revoke illicit permissions. Delegated consent grants are oauth2PermissionGrant objects, so list the grants held by the suspicious service principal to find the grant id, then remove it. Note that removing the grant stops new tokens from being issued; access tokens already in the attacker's hands stay valid until they expire.

```powershell
# Example using Microsoft Graph PowerShell
Connect-MgGraph -Scopes "Application.ReadWrite.All","DelegatedPermissionGrant.ReadWrite.All"
# Enumerate the delegated grants of the suspicious service principal to obtain <grant-id>
Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId <malicious-sp-id>
Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId <grant-id>
```
Remove malicious service principals

```powershell
Remove-MgServicePrincipal -ServicePrincipalId <malicious-sp-id>
```
Harden security settings
- Restrict user consent in the tenant's consent settings (for example, allow users to consent only to verified-publisher apps requesting low-impact permissions, or disable user consent entirely) and route everything else through the admin consent workflow.
- Regularly review the Enterprise Applications list and prune unused or suspicious entries.
Balancing Security and User Flexibility
Organizations should configure consent policies that protect against over‑provisioned OAuth permissions while still allowing legitimate SaaS integrations to function smoothly.