VanRoey Logo
VanRoey Logo
menu
Header image overlay

Hackers visa OAuth API to access Office 365 accounts

OAuth (Open Authorization) is an authorization protocol that allows you to log in to another server, website or cloud portal using an existing login. A well-known example of this is logging in via your Google or Facebook account. For example, in the case of mobile apps. Microsoft uses this same open standard to allow other cloud services to connect to Office 365. For example, a Dropbox account that is synchronized with OneDrive or new Facebook posts that are written in an Excel document.

A blessing for users or hackers?

Despite the ease of use, there are also dangers: not all applications are equally transparent about the access rights obtained. Moreover, users appear to be nonchalant in granting access, so it should come as no surprise that there are more and more reports of affected users. This is also the case with Office 365 customers: on the Internet you can find numerous examples of Outlook users where e-mails were encrypted.

Screenshot hacked Outlook mailbox

Turn off ‘Application Consent by Users’ our advice!

Hackers have clearly changed the gun from shoulder to shoulder. In order to gain access to our valuable data, they no longer extract login data, but try to connect to malicious applications. For example, with Office 365 users. Our advice? As an administrator in Azure Active Directory, please enable ‘Application Consent by Users‘ off. As a result, end-users can no longer grant new rights to third-party applications. An action that also recommended by Microsoft.

Disabling this option has no effect on existing applications or on the operation of your Office 365 environment.

Is your Office 365 managed by us?

Then you can rest assured: this option has already been pre-emptively deactivated for all our customers. If you, as an admin, still want to enable this function again, we recommend that you first use the ‘Admin Consent Workflow‘ configurable so that new connections can first be approved by an administrator.

If you have any questions about this message, don't hesitate to contact us in time. contactable.

“Hackers have clearly changed the gun from shoulder to shoulder. To access our precious data, they no longer extract our login details, but try to connect through malicious applications.”
Clippy forces you to follow us.

Written by:

Profile photo Tom Hufkens | VanRoey.be
LinkedIn icon
Tom Hufkens
Marketing Manager at VanRoey

A familiar face at VanRoey for 15 years. Literally and figuratively: because of his role as Marketing Manager, he is regularly at the centre of our communication. He regularly shares his experiences of new marketing methods during workshops & events.

Related info

  • Blog

These 8 novelties Microsoft has in store for you

Windows 11 Intune deployment
  • Blog

End of support Windows 7 & Windows Server 2008

  • Blog

Guide: Secure your Office 365 environment with Multi-factor Authentication

Microsoft Authenticator App Smartwatch | VanRoey.be
  • Blog

Ransomware and Cryptolockers tackled

Let our experts guide you

Like thousands of organisations, rely on our knowledge & experience to work out your ideal network, data centre, IT security, CRM / ERP, meeting rooms or digital workplace...

Ask your question


Thanks to the Fortinet Security Fabric, a single security platform allows us to manage all our devices centrally and conveniently, without sacrificing data nor Internet accessibility! Watch video case...
Luc Smet
Luc SmetICT-NIM Teamleader


What I appreciate most about VanRoey is their hands-on approach and no-nonsense corporate culture. Moreover, they don't just answer the question, but they really do think along. For us, this has led to a deeper understanding and solutions that exactly fill our needs. Watch video case...
Steven BruynseelsIT Operations Manager


Switching to telephony via Teams went smoothly. Communication is very important to me in such projects. The cooperation between us, Telenet and VanRoey went very smoothly. Watch video case...
Gert Torah
Gert TorahIT Manager


I've worked with many companies before, but the approach of VanRoey is really quite unparalleled. With VanRoey.be we found the IT partner we were looking for. Read the case...
Raf De Leu
Raf De LeuIT Manager


We are very satisfied with the cooperation with VanRoey. Their people have a extensive knowledge and, in addition, can be used on a understandable way ...to transfer. Read the case...
Kim Kerkhofs
Kim KerkhofsExecutive assistant


Quality pays for itself over the years anyway, both for construction projects and in ICT. We therefore opted for the VanRoey ecosystem: the right solutions, the right brands, expertise and flexibility, with high reliability as a result. Read the case...
Martin Björklund
Martin BjörklundICT administrator

Newsletter  | Linkedin

LinkedIn Spotify Instagram Facebook-f Youtube Newspaper

Conditions – PartnershipsSatisfaction survey - VanRoey

  BC-Certified-logo_ISO-27001

Our Solutions

Managed IT Services
Security audit
Expertise Services

IT Security Strategy
Train Your Staff (Awareness)
Network Security
Firewalls
Antivirus
Endpoint Defence & Response (EDR)
Cybersecurity for Government (Smals)
Smart AI camera surveillance

VanRoey Private Cloud (IaaS)
Servers & Storage
Apps & device management
Backup Solutions
Networking & Wifi
Internet line & IP VPN
Azure Cloud Solutions
AI-powered CCTV

Copilot AI
Microsoft 365 / Office 365
Microsoft Teams
Microsoft SharePoint
CTOUCH Touchscreens
HP Business Notebooks
Dell XPS & Latitudes
Professional Printers

ERP & CRM With Dynamics 365
Power Platform
Dynamics 365 Real Estate
GPS Tracking(Sensolus) / Indoor tracking (Pozyx)

Events

Training

Experience Center

Jobs

About

ESG

Kempus

Customer Area

Contact
Living Tomorrow building

Event: 30 Nov

IT Inspiration Day

What will the future bring? Get an exclusive tour & plenty of inspiring sessions at the revamped Living Tomorrow. It promises to be another great and educational year-end event! See you there?

Info & registration

Attention: limited number of places!