Consent phishing impact assessment

%3CLINGO-SUB%20id%3D%22lingo-sub-1603494%22%20slang%3D%22en-US%22%3EConsent%20phishing%20impact%20assessment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1603494%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EIs%20it%20possible%20to%20see%20which%20scopes%20an%20app%20has%20*actually%20used*%20in%20Office%20365%20and%2C%20even%20better%2C%20how%3F%20Thinking%20about%20how%20to%20fully%20understand%20the%20impact%20of%20%22consent%20phishing%E2%80%9D.%20E.g.%20app%20asks%20for%20mail.read%20-%20did%20it%20download%20the%20mailbox%3F%20Thanks!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1604054%22%20slang%3D%22en-US%22%3ERe%3A%20Consent%20phishing%20impact%20assessment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1604054%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20only%20way%20to%20get%20such%20information%20is%20by%20crawling%20the%20unified%20audit%20log...%20and%20depending%20on%20the%20workload%20you%20might%20not%20even%20be%20able%20to%20filter%20them%20based%20on%20the%20application%20id.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Is it possible to see which scopes an app has *actually used* in Office 365 and, even better, how? Thinking about how to fully understand the impact of "consent phishing”. E.g. app asks for mail.read - did it download the mailbox? Thanks!

1 Reply

The only way to get such information is by crawling the unified audit log... and depending on the workload you might not even be able to filter them based on the application id.