What is happening
On 7 April 2026, ACN (Italian National Cybersecurity Agency) published through CSIRT Italia the Bulletin BL01/260407, documenting a targeted phishing campaign based on the OAuth 2.0 Device Code Grant flow against Italian Microsoft 365 and Entra ID tenants. It is the latest variant of a broader family — OAuth Consent Phishing — observed in real incidents against Italian SMEs over recent months.
The common feature is that MFA is not broken but bypassed: the user authenticates normally on the genuine Microsoft page, MFA is completed, and after authentication Microsoft issues OAuth tokens to an application controlled by the attacker. From that moment a password reset alone does not stop access, because the attacker's application holds its own refresh token and its consent grant stays in place: remediation requires an explicit revocation of the grant on the tenant, together with revoking the user's refresh tokens.
How Consent Phishing works
Unlike classic credential phishing, OAuth Consent Phishing never asks for the password on an attacker-controlled page. The mechanism is straightforward:
1. Lure — the user receives an email that appears to come from a familiar service (a productivity tool, an e-signature platform, a line-of-business app) with a link to an app carrying a credible brand.
2. Genuine Microsoft page — the link leads to login.microsoftonline.com. The URL is legitimate, the certificate is valid and the page is the real one. The user signs in with their credentials and completes MFA.
3. Consent request — after authentication the OAuth consent screen appears: the app asks for scopes such as Mail.ReadWrite, Files.ReadWrite.All and offline_access. Most users do not read the permissions and click Accept.
4. Token issuance — Microsoft issues a valid access token and refresh token to the attacker's application. With them the attacker reaches the mailbox, files and other tenant resources through the Microsoft Graph API, with no password and no MFA prompt.
5. Persistence — the offline_access scope returns a refresh token, so the attacker's application obtains new access tokens automatically. The session survives the user's logout and a password change (a password reset does not invalidate refresh tokens issued to the attacker's application). The application grant itself must be revoked, and the user's refresh tokens with it.
Device Code Grant: the CSIRT bulletin variant
CSIRT Bulletin BL01/260407 of 7 April 2026 describes a specific variant. The attacker first requests a device code from Microsoft for a client under their control, then contacts the user (by email, message or phone) and asks them to open aka.ms/devicelogin (which redirects to microsoft.com/devicelogin) and enter that code. Device codes are short-lived (about 15 minutes in Entra ID), so the attacker generates a fresh one for each attempt. This is the Device Code Grant flow (RFC 8628), designed for input-constrained devices without a full browser or keyboard (smart TVs, consoles, printers, command-line tools). When the user signs in and confirms, the attacker's client, which has been polling the token endpoint in the meantime, receives an access token and a refresh token for the user's account.
It is particularly effective because the user sees no suspicious third-party app screen: they only enter a code on a Microsoft domain and sign in. The CSIRT recommends disabling Device Code Flow for users who do not need it, through a Conditional Access policy (the Authentication flows condition, Device code flow) that blocks the grant type urn:ietf:params:oauth:grant-type:device_code for every user and client not explicitly authorised.
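The exchange described above, as an added simulation that is not part of the bulletin or of any Microsoft code: the AuthorizationServer class stands in for login.microsoftonline.com, the client IDs, victim, codes and tokens are constructed locally, and the allowed_device_code_clients parameter is a hypothetical stand-in for a Conditional Access block on the device code grant. It runs offline and shows both sides of the flow, including the code-expiry, polling-interval and policy-blocked paths.

```python
"""Simulation of the OAuth 2.0 Device Authorization Grant (RFC 8628) as abused in
the CSIRT bulletin.  Added example, not code from the bulletin or from Microsoft:
AuthorizationServer stands in for login.microsoftonline.com, the client IDs, user,
codes and tokens are all constructed locally and nothing touches the network."""
import secrets

DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"
CODE_LIFETIME = 15 * 60   # seconds; Entra ID device codes expire after about 15 minutes
POLL_INTERVAL = 5         # seconds a client must wait between /token polls


class FakeClock:
    """Controllable time source so the simulation runs instantly and deterministically."""
    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class AuthorizationServer:
    """Minimal stand-in for the /devicecode, /devicelogin and /token endpoints."""

    def __init__(self, now, allowed_device_code_clients=None):
        # Hypothetical tenant policy: the set of client IDs allowed to use the device
        # code grant (the effect of a Conditional Access 'Authentication flows' block).
        # None means no policy, i.e. every client may use it.
        self.now = now
        self.allowed = allowed_device_code_clients
        self.pending = {}        # device_code -> request state
        self.by_user_code = {}   # user_code  -> device_code

    def device_authorization(self, client_id, scope):
        """Step 1: the attacker's client requests a device code and a short user code."""
        device_code = secrets.token_urlsafe(32)
        user_code = "".join(secrets.choice("BCDFGHJKLMNPQRSTVWXZ") for _ in range(9))
        self.pending[device_code] = {
            "client_id": client_id, "scope": scope, "user": None,
            "expires_at": self.now() + CODE_LIFETIME,
            "approved": False, "denied": False, "last_poll": None,
        }
        self.by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://microsoft.com/devicelogin",
                "expires_in": CODE_LIFETIME, "interval": POLL_INTERVAL}

    def devicelogin(self, user_code, user, mfa_passed, approve=True):
        """Step 2: the victim types the code on the genuine page and signs in with MFA.
        Nothing here looks like a third-party consent screen: only a code and a login."""
        device_code = self.by_user_code.get(user_code)
        if device_code is None or self.pending[device_code]["expires_at"] < self.now():
            return {"error": "expired_or_unknown_code"}
        if not mfa_passed:
            return {"error": "mfa_required"}
        req = self.pending[device_code]
        req["user"], req["approved"], req["denied"] = user, approve, not approve
        return {"status": "approved" if approve else "denied"}

    def token(self, grant_type, client_id, device_code):
        """Step 3: the attacker's client polls /token until the victim has approved."""
        if grant_type != DEVICE_CODE_GRANT:
            return {"error": "unsupported_grant_type"}
        if self.allowed is not None and client_id not in self.allowed:
            return {"error": "unauthorized_client"}   # blocked by tenant policy
        req = self.pending.get(device_code)
        if req is None or req["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if req["expires_at"] < self.now():
            return {"error": "expired_token"}
        if req["last_poll"] is not None and self.now() - req["last_poll"] < POLL_INTERVAL:
            return {"error": "slow_down"}
        req["last_poll"] = self.now()
        if req["denied"]:
            return {"error": "access_denied"}
        if not req["approved"]:
            return {"error": "authorization_pending"}
        # Approved: tokens are minted for the attacker's client_id.  The client never
        # saw the password or the MFA exchange; only the victim did.
        return {"token_type": "Bearer", "scope": req["scope"], "user": req["user"],
                "access_token": "at." + secrets.token_urlsafe(16),
                "refresh_token": "rt." + secrets.token_urlsafe(16)}


def run_attack(server, clock, client_id="attacker-cli", victim="mario.rossi@example.it"):
    """Drive the three steps end to end and return the final /token response."""
    start = server.device_authorization(client_id, "Mail.ReadWrite offline_access")
    first = server.token(DEVICE_CODE_GRANT, client_id, start["device_code"])
    if first.get("error") != "authorization_pending":
        return first                       # e.g. unauthorized_client: policy stopped it
    # Social engineering happens here: the victim is talked into entering user_code.
    server.devicelogin(start["user_code"], victim, mfa_passed=True)
    clock.advance(POLL_INTERVAL)           # respect the polling interval
    return server.token(DEVICE_CODE_GRANT, client_id, start["device_code"])


if __name__ == "__main__":
    clock = FakeClock()
    print(run_attack(AuthorizationServer(clock), clock))
    print(run_attack(AuthorizationServer(clock, allowed_device_code_clients={"kiosk-app"}), clock))
```

The second run shows the effect of the policy the CSIRT recommends: the attacker's client is refused at the token endpoint with unauthorized_client before the victim is ever involved, while a client on the allow list (here the hypothetical kiosk-app) keeps working.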
Countermeasures: what to configure in Entra ID
No single measure solves the problem. What is needed is a coordinated set of configurations; several of them cost nothing on a Microsoft 365 Business Standard licence, while Conditional Access and Defender for Office 365 need the additional licensing noted below:
1. Block third-party user consent — in Entra ID, Enterprise applications → Consent and permissions → User consent settings, set Do not allow user consent. Pair it with the Admin consent workflow so that legitimate apps can still be requested and approved by an administrator.
2. Conditional Access — requires Entra ID Premium P1 (included in Microsoft 365 Business Premium). Essential policies: block sign-ins from countries outside the allow list (named locations), require MFA outside trusted locations, block Device Code Flow for users who do not need it, block legacy authentication clients.
3. Token Lifetime Policy — the default access token lifetime is variable (roughly 60 to 90 minutes); a token lifetime policy can lower it to as little as 10 minutes. This does not force the attacker to re-authenticate while a valid refresh token exists, but it caps how long an already-issued access token keeps working after the grant and the user's refresh tokens have been revoked, shrinking the post-remediation window from over an hour to minutes. Refresh token lifetimes are no longer configurable through this policy; use Conditional Access sign-in frequency for that.
4. Defender for Office 365 Plan 2 — Safe Links rewrites URLs and checks them at time of click, Safe Attachments detonates attachments in a sandbox. The Standard or Strict preset security policies enable dozens of anti-phishing protections in one step. An upstream email security gateway (such as the ACN-qualified one described below) adds a further layer.
5. Block external automatic forwarding — in the Exchange Online outbound anti-spam policy set Automatic forwarding = Off. This prevents an attacker from exfiltrating email through inbox rules that forward to external domains.
6. Dedicated admin accounts, no mailbox — Global Administrators must be separate administrative accounts, not everyday work accounts. If Consent Phishing hits an ordinary account, the damage does not extend to tenant control.
7. Training on the consent screen — the Microsoft consent screen is genuine and looks exactly like any legitimate consent prompt. Users must know it exists and must read the requested permissions before clicking Accept.
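Blocking user consent stops new grants but leaves existing ones in place, which is why an inventory of active OAuth grants belongs in any remediation. The review below is an added example, not the page's or Microsoft's code: its inputs mirror the shape of Microsoft Graph oauth2PermissionGrants and servicePrincipals objects, but every record, GUID and principal ID is constructed, HIGH_RISK_SCOPES is an assumed list, and the Graph calls it suggests for revocation are returned as strings, never sent.

```python
"""Review of delegated OAuth 2.0 grants already present in a tenant.  Added example,
not code from the page: the two inputs mirror Microsoft Graph /oauth2PermissionGrants
and /servicePrincipals objects, but every record below is constructed."""

# appOwnerOrganizationId carried by Microsoft first-party service principals.
MICROSOFT_TENANT = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"
# Assumed list of delegated scopes worth an alert when a third-party app holds them.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
                    "Files.ReadWrite.All", "Sites.ReadWrite.All",
                    "Directory.ReadWrite.All", "MailboxSettings.ReadWrite"}

# Constructed stand-ins for GET /servicePrincipals, keyed by object id.
SERVICE_PRINCIPALS = {
    "sp-1": {"displayName": "A Microsoft first-party service",
             "appId": "00000000-0000-0000-0000-0000000000a1",
             "appOwnerOrganizationId": MICROSOFT_TENANT, "verifiedPublisher": {}},
    "sp-2": {"displayName": "DocuSigner Pro",
             "appId": "00000000-0000-0000-0000-0000000000b2",
             "appOwnerOrganizationId": "00000000-0000-0000-0000-0000000000c3",
             "verifiedPublisher": {"verifiedPublisherId": None}},
    "sp-3": {"displayName": "Contoso Sign",
             "appId": "00000000-0000-0000-0000-0000000000d4",
             "appOwnerOrganizationId": "00000000-0000-0000-0000-0000000000e5",
             "verifiedPublisher": {"verifiedPublisherId": "1234567",
                                   "displayName": "Contoso Ltd"}},
}
# Constructed stand-ins for GET /oauth2PermissionGrants.
GRANTS = [
    {"id": "g-1", "clientId": "sp-1", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read"},
    {"id": "g-2", "clientId": "sp-2", "consentType": "Principal",
     "principalId": "u-rossi", "scope": "Mail.ReadWrite Files.ReadWrite.All offline_access"},
    {"id": "g-3", "clientId": "sp-3", "consentType": "Principal",
     "principalId": "u-bianchi", "scope": "Files.Read.All offline_access"},
    {"id": "g-4", "clientId": "sp-3", "consentType": "Principal",
     "principalId": "u-verdi", "scope": "User.Read"},
]


def review_grants(grants, service_principals):
    """Return the grants that deserve a look, most severe first."""
    findings = []
    for g in grants:
        sp = service_principals.get(g["clientId"], {})
        if sp.get("appOwnerOrganizationId") == MICROSOFT_TENANT:
            continue                                   # first-party app, out of scope
        scopes = set(g["scope"].split())
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        if not risky:
            continue
        verified = bool(sp.get("verifiedPublisher", {}).get("verifiedPublisherId"))
        persistent = "offline_access" in scopes       # refresh token: survives logout
        tenant_wide = g["consentType"] == "AllPrincipals"   # admin consent for everyone
        finding = {
            "grant_id": g["id"], "app": sp.get("displayName", "<unknown>"),
            "appId": sp.get("appId"), "principal": g.get("principalId"),
            "risky_scopes": risky, "persistent": persistent,
            "verified_publisher": verified, "tenant_wide": tenant_wide,
            "severity": "high" if (not verified or tenant_wide) else "medium",
            # Step 1 of remediation: delete the grant itself.
            "revoke_grant": f"DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/{g['id']}",
        }
        if g.get("principalId"):
            # Step 2: invalidate refresh tokens already issued to the attacker's app.
            finding["revoke_tokens"] = (f"POST https://graph.microsoft.com/v1.0/users/"
                                        f"{g['principalId']}/revokeSignInSessions")
        findings.append(finding)
    findings.sort(key=lambda f: (f["severity"] != "high", f["app"]))
    return findings


if __name__ == "__main__":
    for f in review_grants(GRANTS, SERVICE_PRINCIPALS):
        print(f["severity"], f["app"], f["risky_scopes"], f["revoke_grant"])
```

A grant from an unverified publisher with mailbox or file write scopes (DocuSigner Pro here) ranks high; the same scopes from a verified publisher rank medium and still need a human to confirm the app is expected. Deleting the grant alone leaves any refresh token the app already holds usable until it expires, hence the second call.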
Monitoring: what to look for in logs
The Microsoft Purview unified audit log records the relevant events even on base plans, with 180 days of retention under Audit (Standard) (longer retention requires Audit (Premium)). Events to watch:
- Consent to application — every time a user authorises an OAuth app. Consent granted to an unknown publisher with high-privilege scopes is the clearest signal.
- New-InboxRule from foreign IP — inbox rules with obfuscated names (sequences of dots or non-alphabetic characters) are a typical signature of post-compromise BEC attacks.
- UserLoggedIn from unexpected countries — active sessions from IPs in countries where the company has no operations, especially if repeated every few hours (a pattern typical of automated scripts).
- SoftDelete and HardDelete — mass email deletion is typical of the evidence-cleanup phase.
Logs alone are not enough: real-time alerting is required. Even a simple Microsoft Sentinel analytics rule, or an alert policy in the Defender portal that notifies on these operations, reduces mean time to detect from weeks to hours.
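The four signals above as detection logic run over sample records, an added example that is not part of the original page or of any Microsoft tooling: the records are constructed and reduced to the fields the rules read (real audit records carry many more), GEO is a stand-in for a GeoIP lookup (the audit log reports the client IP, not the country), and EXPECTED_COUNTRIES, the thresholds and the rule names are assumptions to adapt per tenant.

```python
"""Detection pass over unified audit log records for the four signals listed above.
Added example, not code from the page or from Microsoft: the records are constructed
and reduced to the fields the rules read, and GEO is a stand-in for a GeoIP lookup."""
import re
from collections import defaultdict
from datetime import datetime

EXPECTED_COUNTRIES = {"IT"}          # countries where the company actually operates
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
                    "Sites.ReadWrite.All", "Directory.ReadWrite.All"}
MASS_DELETE_THRESHOLD = 20           # deleted items per user within the batch analysed
GEO = {"198.51.100.4": "IT", "203.0.113.7": "NG", "192.0.2.9": "NG"}   # constructed

USER = "mario.rossi@example.it"
SAMPLE_RECORDS = [   # constructed; CreationTime is UTC as in the audit log export
    {"CreationTime": "2026-04-07T08:02:11", "Operation": "UserLoggedIn", "UserId": USER,
     "ClientIP": "198.51.100.4"},
    {"CreationTime": "2026-04-07T08:05:40", "Operation": "Consent to application.",
     "UserId": USER, "ClientIP": "198.51.100.4", "ObjectId": "DocuSigner Pro",
     "ModifiedProperties": [{"Name": "ConsentAction.Permissions",
                             "NewValue": "Mail.ReadWrite Files.ReadWrite.All offline_access"}]},
    {"CreationTime": "2026-04-07T08:09:02", "Operation": "UserLoggedIn", "UserId": USER,
     "ClientIP": "203.0.113.7"},
    {"CreationTime": "2026-04-07T08:10:15", "Operation": "New-InboxRule", "UserId": USER,
     "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": ".."},
                    {"Name": "ForwardTo", "Value": "drop@attacker.example"}]},
    {"CreationTime": "2026-04-07T09:09:05", "Operation": "UserLoggedIn", "UserId": USER,
     "ClientIP": "203.0.113.7"},
    {"CreationTime": "2026-04-07T10:09:01", "Operation": "UserLoggedIn", "UserId": USER,
     "ClientIP": "192.0.2.9"},
    {"CreationTime": "2026-04-07T10:12:30", "Operation": "HardDelete", "UserId": USER,
     "ClientIP": "192.0.2.9",
     "AffectedItems": [{"Subject": f"Invoice {i}"} for i in range(25)]},
]


def _country(ip):
    return GEO.get(ip, "??")


def _obfuscated(name):
    # Rule names with no letters at all ('.', '..', '--') are a common BEC signature.
    return not re.search(r"[A-Za-z]", name or "")


def detect(records):
    """Return a list of (severity, rule, user, detail) alerts for the given records."""
    alerts = []
    foreign_logins = defaultdict(list)
    deleted = defaultdict(int)
    for rec in records:
        op, user, ip = rec["Operation"], rec["UserId"], rec.get("ClientIP", "")
        if op == "Consent to application.":
            granted = set()
            for prop in rec.get("ModifiedProperties", []):
                if prop["Name"] == "ConsentAction.Permissions":
                    granted |= set(prop["NewValue"].split())
            risky = sorted(granted & HIGH_RISK_SCOPES)
            if risky:
                detail = f"{rec.get('ObjectId')} granted {', '.join(risky)}"
                if "offline_access" in granted:
                    detail += " with offline_access (refresh token)"
                alerts.append(("high", "consent-high-privilege", user, detail))
        elif op in ("New-InboxRule", "Set-InboxRule"):
            params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
            reasons = []
            if _obfuscated(params.get("Name")):
                reasons.append("obfuscated rule name")
            if any(k in params for k in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")):
                reasons.append("forwards mail")
            if _country(ip) not in EXPECTED_COUNTRIES:
                reasons.append(f"created from {_country(ip)}")
            if reasons:
                alerts.append(("high", "suspicious-inbox-rule", user, "; ".join(reasons)))
        elif op == "UserLoggedIn":
            if _country(ip) not in EXPECTED_COUNTRIES:
                foreign_logins[user].append(datetime.fromisoformat(rec["CreationTime"]))
        elif op in ("SoftDelete", "HardDelete"):
            deleted[user] += len(rec.get("AffectedItems", []))
    for user, times in foreign_logins.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Evenly spaced sign-ins (all gaps within 5 minutes of each other) look scripted.
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) < 300
        detail = f"{len(times)} sign-ins from outside {sorted(EXPECTED_COUNTRIES)}"
        if periodic:
            detail += f", evenly spaced about every {sum(gaps) / len(gaps) / 60:.0f} min"
        alerts.append(("high" if periodic else "medium", "foreign-login", user, detail))
    for user, count in deleted.items():
        if count >= MASS_DELETE_THRESHOLD:
            alerts.append(("medium", "mass-delete", user, f"{count} mailbox items deleted"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS):
        print(*alert, sep=" | ")
```

On the sample batch the pass raises all four alerts for the same user within a couple of hours: a high-privilege consent, an inbox rule with an obfuscated name that forwards externally, hourly sign-ins from a country where the company does not operate, and a burst of hard deletes. The same logic ports directly to a KQL analytics rule over the OfficeActivity table in Sentinel, where the periodicity check is the part most worth keeping.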
Operational support
AtWorkStudio has managed Microsoft 365 tenants for SMEs and public administration since 2000, from Piacenza, Italy. We are certified ISO/IEC 27001, 27017, 27018 and ISO 9001, with ACN QC1 qualification for three services in the Italian Public Administration Cloud Catalogue including the Email Security Gateway and the immutable Microsoft 365 backup. We are members of Clusit (Italian Association for Information Security) and associate members of Confindustria Piacenza in the RICT cluster.
If your Microsoft 365 tenant has not been hardened against OAuth Consent Phishing, we can run a targeted audit: inventory of active OAuth grants, review of User consent settings, analysis of Conditional Access policies, outbound forwarding check, review of Defender for Office 365 configuration and a phased remediation plan with no service interruption.
Sources
- ACN / CSIRT Italia — Bulletin BL01/260407 of 7 April 2026 on Device Code Grant
- Microsoft Security Research Center — OAuth Consent Phishing attack patterns
- Microsoft Learn — Configure user consent settings in Entra ID
- Microsoft Learn — Token lifetime policies for Microsoft Entra
- Microsoft Learn — Conditional Access: block legacy authentication