Persistent OAuth Tokens from SaaS/AI Integrations Create Unmonitored Backdoors in Microsoft 365 and Google Workspace
Third-party AI tools, automation platforms, and productivity apps connected to Microsoft 365 or Google Workspace via OAuth leave behind long-lived refresh tokens held on the vendor's side. Once issued, a refresh token renews access silently: MFA is not re-prompted on refresh unless a Conditional Access sign-in frequency forces it, and the vendor's API calls come from its own infrastructure rather than from a managed device inside the perimeter. These tokens are rarely inventoried or revoked, so they become a stealthy backdoor if the SaaS vendor is compromised or a user falls for consent phishing. Resolution requires inventorying, revoking, and actively governing OAuth consent grants in both tenants.
Indicators
- Unknown or unsanctioned third-party apps appearing in Microsoft Entra Enterprise Applications or Google Workspace connected apps
- OAuth grants with broad scopes (Mail.Read, Files.ReadWrite.All and offline_access in Microsoft 365; gmail.readonly or drive in Google Workspace) tied to unfamiliar publishers
- API-based access to mailboxes or files from unusual IPs with no matching interactive sign-in; in Entra this shows up in the non-interactive and service principal sign-in logs rather than the interactive log
- Mailbox or file activity by an app continuing after the user's password reset or session revocation; delegated refresh tokens should die with the reset, so continued access points to application (app-only) permissions or a fresh consent
- Sudden growth in user-consented apps without administrator review
- Anomalous Microsoft Graph or Google API call volume tied to a service principal
- Defender for Cloud Apps or Google Alert Center alerts flagging suspicious OAuth app behaviour
Likely causes
- End users self-consenting to third-party OAuth apps without admin approval
- AI assistants, plugins, and automation tools requesting persistent refresh tokens with broad scopes
- No OAuth app governance policy in Microsoft Entra or Google Workspace
- No expiration or rotation policy for issued refresh tokens
- Compromised SaaS vendor leaking stored OAuth tokens
- Phishing-driven illicit consent grant attacks (OAuth consent phishing)
Diagnostic steps
- In Microsoft Entra ID, open Enterprise applications > All applications and, for each third-party app, review the Permissions blade; export the service principals with their delegated (user- or admin-consented) and application permissions.
- In Google Workspace Admin Console, go to Security > Access and data control > API controls > Manage Third-Party App Access to inventory all connected OAuth apps and the scopes each has been granted.
- Use Microsoft Graph PowerShell to enumerate grants: Get-MgOauth2PermissionGrant returns delegated consent (ConsentType Principal for a single user, AllPrincipals for tenant-wide admin consent) with the granted Scope string, and Get-MgServicePrincipal resolves the client to an app name and publisher. Application permissions are not in that list; enumerate them with Get-MgServicePrincipalAppRoleAssignment. Flag high-risk scopes such as Mail.ReadWrite and Files.ReadWrite.All, and any grant that also carries offline_access.
- Search the Entra audit log for 'Consent to application' events and the sign-in logs for the app's subsequent token use; correlate with unusual user agents, IPs, or bulk consent activity (several users consenting to the same app within minutes) indicating phishing.
- In Google Workspace, review the Security Investigation Tool for OAuth grant events and unusual API token usage patterns.
- Identify apps with unverified publishers, reply URLs outside the vendor's domain, or scopes disproportionate to the app's stated purpose.
- Check Microsoft Defender for Cloud Apps (App Governance) and Google Alert Center for OAuth abuse detections and investigate flagged apps.
Resolution path
- Inventory all OAuth-connected apps in both Microsoft 365 and Google Workspace tenants
- Classify each app by publisher trust, scope sensitivity, and business need
- Revoke tokens and remove grants for unused, unknown, or risky integrations: in Microsoft, Remove-MgOauth2PermissionGrant deletes a single delegated grant and Remove-MgServicePrincipal drops the app from the tenant entirely, while Revoke-MgUserSignInSession invalidates all of a user's refresh tokens (every app, not just the offending one); in Google Admin, remove the app under the user's Connected applications or block it under API controls
- Disable user self-consent in Entra and require admin approval for any new OAuth grant
- Implement an admin consent workflow so users can request access through a reviewed process
- Enable continuous monitoring and alerting on new consent grants and high-risk scope usage
- Document approved third-party apps in an allowlist and review quarterly
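The Graph PowerShell inventory from the diagnostic steps and the revocation step of the resolution path, combined into one added PowerShell example that is not part of the original page. It lists delegated grants (live via Get-MgOauth2PermissionGrant with -Live, otherwise a constructed sample), scores each on scope sensitivity, persistence (offline_access), publisher verification and consent breadth, and with -Live -Revoke removes the High-rated grants and revokes the consenting user's sessions. The scoring weights, thresholds and sample app names are assumptions.

```powershell
# Added example (not from the original page): inventory delegated OAuth grants in Entra ID, score
# each by scope sensitivity, persistence and publisher trust, and optionally revoke the High ones.
# Assumptions: Microsoft Graph PowerShell SDK for -Live; sample grants below are constructed.
param([switch]$Live, [switch]$Revoke)

$HighRiskScopes = @('Mail.Read', 'Mail.ReadWrite', 'Mail.Send', 'Files.Read.All', 'Files.ReadWrite.All',
                    'Sites.ReadWrite.All', 'MailboxSettings.ReadWrite', 'Directory.ReadWrite.All')

function Get-GrantRisk {
    param([string[]]$Scopes, [bool]$VerifiedPublisher, [string]$ConsentType)
    $risky      = @($Scopes | Where-Object { $HighRiskScopes -contains $_ })
    $persistent = $Scopes -contains 'offline_access'            # refresh token: access outlives the session
    $score = $risky.Count
    if ($persistent -and $risky.Count -gt 0) { $score += 2 }    # standing access to mail/files from outside
    if (-not $VerifiedPublisher)             { $score += 1 }
    if ($ConsentType -eq 'AllPrincipals')    { $score += 1 }    # tenant-wide grant covers every user
    [pscustomobject]@{
        Level       = if ($score -ge 4) { 'High' } elseif ($score -ge 2) { 'Medium' } else { 'Low' }
        Score       = $score
        RiskyScopes = ($risky -join ' ')
        Persistent  = $persistent
    }
}

# Delegated grants live in oauth2PermissionGrants. Application (app-only) permissions do not: they
# are appRoleAssignments on the service principal (Get-MgServicePrincipalAppRoleAssignment) and
# survive password resets and session revocation, so inventory them separately.
function Get-DelegatedGrantInventory {
    if ($Live) {
        $spCache = @{}
        foreach ($g in (Get-MgOauth2PermissionGrant -All)) {
            if (-not $spCache.ContainsKey($g.ClientId)) {
                $spCache[$g.ClientId] = Get-MgServicePrincipal -ServicePrincipalId $g.ClientId
            }
            $sp = $spCache[$g.ClientId]
            [pscustomobject]@{
                GrantId     = $g.Id
                App         = $sp.DisplayName
                Publisher   = $sp.PublisherName
                Verified    = [bool]$sp.VerifiedPublisher.VerifiedPublisherId
                ConsentType = $g.ConsentType     # 'Principal' = one user; 'AllPrincipals' = admin consent for all users
                PrincipalId = $g.PrincipalId
                Scopes      = @($g.Scope -split '\s+' | Where-Object { $_ })
            }
        }
    } else {
        # Constructed sample covering High (unverified + persistent mail; verified but tenant-wide
        # persistent files), Medium (verified, persistent mail, one user) and Low (User.Read only).
        [pscustomobject]@{ GrantId = 'g1'; App = 'AI Meeting Notes'; Publisher = $null;         Verified = $false; ConsentType = 'Principal';     PrincipalId = 'user-1'; Scopes = @('User.Read', 'Mail.Read', 'offline_access') }
        [pscustomobject]@{ GrantId = 'g2'; App = 'Contoso Backup';   Publisher = 'Contoso Ltd'; Verified = $true;  ConsentType = 'AllPrincipals'; PrincipalId = $null;    Scopes = @('Files.ReadWrite.All', 'offline_access') }
        [pscustomobject]@{ GrantId = 'g3'; App = 'Inbox Digest';     Publisher = 'Fabrikam';    Verified = $true;  ConsentType = 'Principal';     PrincipalId = 'user-2'; Scopes = @('Mail.Read', 'offline_access') }
        [pscustomobject]@{ GrantId = 'g4'; App = 'Team Poll';        Publisher = 'Fabrikam';    Verified = $true;  ConsentType = 'Principal';     PrincipalId = 'user-3'; Scopes = @('User.Read') }
    }
}

if ($Live) {
    $graphScopes = @('Application.Read.All', 'Directory.Read.All')
    if ($Revoke) { $graphScopes += 'DelegatedPermissionGrant.ReadWrite.All', 'User.ReadWrite.All' }
    Connect-MgGraph -Scopes $graphScopes -NoWelcome
}

$inventory = foreach ($g in Get-DelegatedGrantInventory) {
    $risk = Get-GrantRisk -Scopes $g.Scopes -VerifiedPublisher $g.Verified -ConsentType $g.ConsentType
    $g | Add-Member -NotePropertyName Level       -NotePropertyValue $risk.Level       -PassThru |
         Add-Member -NotePropertyName Score       -NotePropertyValue $risk.Score       -PassThru |
         Add-Member -NotePropertyName RiskyScopes -NotePropertyValue $risk.RiskyScopes -PassThru
}
$inventory | Sort-Object Score -Descending |
    Format-Table App, Publisher, Verified, ConsentType, Level, RiskyScopes -AutoSize

# Removing the grant stops the app from refreshing tokens for that scope set; revoking the user's
# sign-in sessions also kills refresh tokens the vendor already holds. Access tokens already issued
# stay valid until they expire (about an hour).
foreach ($row in ($inventory | Where-Object { $_.Level -eq 'High' })) {
    if ($Live -and $Revoke) {
        Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $row.GrantId
        if ($row.PrincipalId) { Revoke-MgUserSignInSession -UserId $row.PrincipalId | Out-Null }
        "Revoked $($row.App) ($($row.GrantId))"
    } else {
        "Would revoke $($row.App) ($($row.GrantId)); rerun with -Live -Revoke to apply"
    }
}
```

Run it without switches first to see the scoring on the sample, then with -Live for a report-only pass against the tenant, and only then with -Live -Revoke. The verified-publisher flag is deliberately only one point: a verified vendor with tenant-wide Files.ReadWrite.All and offline_access is still a standing backdoor if that vendor is breached, which is exactly the scenario this page describes. For the Google Workspace side, the same classification applies to the scope list exported from Manage Third-Party App Access.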
Prevention
- Configure Entra ID user consent settings to 'Do not allow user consent', or at most 'Allow user consent for apps from verified publishers, for selected permissions' (low-impact scopes only)
- Restrict Google Workspace API access to a curated list of trusted apps and block unconfigured third-party access
- Enforce admin consent workflows for sensitive scopes
- Deploy Microsoft Defender for Cloud Apps App Governance to detect anomalous OAuth app behaviour
- Educate users about OAuth consent phishing and how to recognise illegitimate permission prompts
- Revoke rather than wait for expiry: Entra ID refresh token lifetime is not admin-configurable, and Google Workspace refresh tokens persist until revoked (or left unused long enough for Google to expire them), so pair Conditional Access sign-in frequency for interactive sessions with scheduled revocation of grants on vendor offboarding, and rotate long-lived service principal credentials (client secrets and certificates)
- Maintain an OAuth app governance policy with named owners, review cadence, and offboarding procedures
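The Entra ID settings behind the first and third prevention items, as an added PowerShell example that is not part of the original page: the permissive user-consent configuration is shown commented out beside the hardened one, and the admin consent request workflow is enabled so blocked users have a sanctioned path. Assumes the Microsoft Graph PowerShell SDK; $reviewerId is a placeholder for the reviewing admin's object ID.

```powershell
# Added example (not from the original page): Entra ID user-consent policy, weak vs hardened,
# plus the admin consent request workflow. Assumption: $reviewerId is a placeholder object ID.
Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization', 'Policy.ReadWrite.ConsentRequest' -NoWelcome

# permissionGrantPoliciesAssigned lists the policies ordinary users may consent under:
#   'ManagePermissionGrantsForSelf.microsoft-user-default-legacy'  any user, any app, any scope (weak)
#   'ManagePermissionGrantsForSelf.microsoft-user-default-low'     verified publishers and low-impact
#                                                                   scopes only (User.Read, openid, profile, email)
#   @()                                                             no user consent; admins grant everything
$before = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
"Before: $($before -join ', ')"

# Weak (the permissive default many tenants still carry), kept only for comparison:
#   Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
#       PermissionGrantPoliciesAssigned = @('ManagePermissionGrantsForSelf.microsoft-user-default-legacy') }

# Hardened: disable user consent entirely. Consent phishing then needs an admin to click through.
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{ PermissionGrantPoliciesAssigned = @() }

# Middle ground if a hard block is too disruptive: verified publishers with low-impact scopes only.
#   Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
#       PermissionGrantPoliciesAssigned = @('ManagePermissionGrantsForSelf.microsoft-user-default-low') }

# Admin consent workflow, so a blocked user files a request instead of working around the control.
$reviewerId = '00000000-0000-0000-0000-000000000000'   # placeholder: object ID of the reviewing admin
Update-MgPolicyAdminConsentRequestPolicy -BodyParameter @{
    isEnabled             = $true
    notifyReviewers       = $true
    remindersEnabled      = $true
    requestDurationInDays = 30
    reviewers             = @(@{ query = "/users/$reviewerId"; queryType = 'MicrosoftGraph' })
}

# Verify both settings took effect before closing the change.
$after = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
if (@($after).Count -ne 0) { throw "User consent is still allowed under: $($after -join ', ')" }
if (-not (Get-MgPolicyAdminConsentRequestPolicy).IsEnabled) { throw 'Admin consent workflow is not enabled' }
'User consent disabled; admin consent request workflow enabled.'
```

Disabling user consent does not touch grants that already exist; those still need the inventory and revocation steps above. The Google Workspace counterpart is the API controls setting that blocks unconfigured third-party apps, which likewise leaves existing tokens in place until they are removed.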
Tools
- Microsoft Entra ID Enterprise Applications portal
- Microsoft Graph PowerShell SDK (Get-MgServicePrincipal, Get-MgOauth2PermissionGrant, Revoke-MgUserSignInSession)
- Microsoft Defender for Cloud Apps – App Governance
- Google Workspace Admin Console – API controls
- Google Alert Center / Security Investigation Tool
- AADInternals / 365Inspect for OAuth auditing