You’ll learn how to stop authorization hijacks with Entra Controls and secure your Microsoft ecosystem from consent-based attacks — directly inside the Microsoft cloud — in this episode.

Who this episode is for:
• You want practical strategies you can apply instantly
• You want real execution — not theory
• You want to unlock Microsoft 365, Power Platform, and Azure for real business outcomes

Scenario:
Attackers bypass MFA protections and abuse OAuth consent to compromise your tenant.

Step-by-step – what you’ll learn:
• How an illicit consent grant sidesteps MFA and why already-issued tokens outlive password resets
• How to configure Entra Controls to block risky app consents
• Where these controls fit into your daily workflows, boosting security without disrupting productivity
• How to integrate admin workflows to manage and approve app permissions with visibility

Tools + tech included:
• Microsoft Entra Admin Center
• Enterprise Applications
• Graph API / PowerShell for monitoring
• Admin Consent Workflow

Practical payoff:
• Eliminate risky app consents and authorization abuse
• Protect your tenant’s data from persistent threats
• Improve visibility and control over app permissions

Open topical anchors:
cloud-first transformation • authorization control strategies • Microsoft ecosystem advantage • zero trust at the app layer

Example business cases listeners can apply immediately:
• Block unverified publisher apps demanding unsafe scopes
• Configure admin workflows for high-risk app permissions
• Use monitoring tools to flag and revoke malicious grants
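As an added example for the last two cases (not code from the episode), the following Microsoft Graph PowerShell script enumerates delegated OAuth2 grants, flags those from unverified publishers that hold high-risk scopes, and can revoke both the grant and the user's refresh tokens. The high-risk scope list and the `$Revoke` switch are assumptions to adapt to your own tenant policy.

```powershell
# Added example: hunt for risky delegated OAuth2 consent grants and revoke them.
# Requires the Microsoft.Graph PowerShell SDK and an admin with the scopes below.
Connect-MgGraph -Scopes "Application.Read.All","DelegatedPermissionGrant.ReadWrite.All","User.RevokeSessions.All"

# Assumed high-risk delegated scopes; tune to your tenant's policy.
$HighRiskScopes = @("Mail.Read","Mail.ReadWrite","Mail.Send","Files.ReadWrite.All",
                    "Directory.ReadWrite.All","offline_access")
$Revoke = $false   # flip to $true only after reviewing the findings

$grants  = Get-MgOauth2PermissionGrant -All   # every delegated grant in the tenant
$spCache = @{}

$findings = foreach ($g in $grants) {
    if (-not $spCache.ContainsKey($g.ClientId)) {
        $spCache[$g.ClientId] = Get-MgServicePrincipal -ServicePrincipalId $g.ClientId
    }
    $sp     = $spCache[$g.ClientId]
    $scopes = $g.Scope -split ' ' | Where-Object { $_ }
    $risky  = $scopes | Where-Object { $HighRiskScopes -contains $_ }
    # Microsoft first-party apps may also lack a verified publisher; review before acting.
    $unverified = [string]::IsNullOrEmpty($sp.VerifiedPublisher.VerifiedPublisherId)

    if ($risky -and $unverified) {
        [pscustomobject]@{
            GrantId     = $g.Id
            App         = $sp.DisplayName
            AppId       = $sp.AppId
            ConsentType = $g.ConsentType   # AllPrincipals = admin consent, Principal = one user
            PrincipalId = $g.PrincipalId
            RiskyScopes = ($risky -join ' ')
        }
    }
}

$findings | Format-Table -AutoSize

if ($Revoke) {
    foreach ($f in $findings) {
        # Deleting the grant withdraws consent; revoking sessions invalidates the user's
        # refresh tokens so the app cannot keep minting access tokens after cleanup.
        Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $f.GrantId
        if ($f.PrincipalId) { Revoke-MgUserSignInSession -UserId $f.PrincipalId | Out-Null }
    }
}
```

A password reset alone does not invalidate existing refresh tokens, which is why the session revocation step is paired with deleting the grant.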

Outcome statement:
By the end of this episode, you’ll know how to secure your tenant by locking down user consent, requiring verified publishers, and enforcing admin approval for risky app requests.

Call-to-action:
Start building your skills today. Elevate your expertise. Transform your workflows now.

#refreshtokens #adminconsent #mfasecurity #consenthijacks #entrapolicies

CHAPTERS:
00:00 - Intro
00:50 - Illicit Consent Grants and MFA Failures
02:08 - Refresh Tokens and Session Management
04:44 - Issues with Forced Sign-Out
05:45 - Entra Policies: User Consent and Admin Workflow
08:12 - Case Study: MFA and OAuth Grant Revocation
16:51 - Hunting for Security Threats
19:38 - Immediate Kill Chain Response
24:34 - Cleanup and System Hardening
25:11 - Policy Hardening Strategies
27:21 - Automated Detection Rules for Security
28:05 - Failure of Graph Calls in Security Context

Supporter Club on Spreaker: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support
Official Podcast Website: https://podcast.m365.show/
Guest Intake Form: https://podcast.m365.show/guests/intake/
Donate to the m365.Show: https://podcast.m365.show/support/