Microsoft Security Report Highlights OAuth Compromise of Exchange Online
A report by the Microsoft 365 Defender Research team explained how attackers compromised admin accounts in a Microsoft 365 tenant. They then created a malicious OAuth app, granted the app some high-priority permissions, and used it to update the Exchange Online configuration to allow spam traffic to flow. All of this comes down to allowing attackers to compromise admin accounts.
September 26, 2022