ADVERTISEMENT

One-click disaster: Microsoft’s Entra tokens can grant access to corporate emails, and that’s a problem

A single click could grant third-party apps permanent access to corporate email accounts without a password, putting organizations at risk of attacks.

microsofts entra requesting invasive permissions

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Feb 25, 2026 3 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

ChatGPT was granted permission to read emails. That could be a problem

Strong password generator

Upgrade the security of your online accounts.
Create strong passwords that are completely random and impossible to guess.
Generated unique password
Ad link_title
Convenient way to secure and use all your passwords. Now 72% OFF!
ADVERTISEMENT

Has your password leaked?

Enter your password to check if it has leaked. Having a leaked password creates the risk of identity theft, financial damages, and worse!
35,607,543,468
Exposed Passwords
Ad
Protect your personal information from cybercriminals and get 50% off the top-rated password manager
link_title link_title

Gating higher-risk permissions is key

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
  • The first one is disabling user consent entirely, so that only administrators can approve applications. However, this option bears an administrative burden
  • The second option is allowing consent only for verified publishers or pre-approved permissions. Users can still approve low-risk applications, but higher-risk permissions are gated
  • Let Microsoft manage consent settings and automatically update policies based on evolving guidance

ADVERTISEMENT