
OAuth Consent in Entra ID Enables ChatGPT Email Access Bypassing MFA
OAuth consent in Entra ID can grant applications such as ChatGPT access to emails after user approval. The mechanism exposes risks that may bypass multi-factor authentication (MFA) and enable persistent access to Microsoft Graph data. No specific dates, technical identifiers (e.g., CVE IDs), or affected user counts were provided in the notice. The impact described involves unintended exposure of sensitive email content via approved OAuth permissions.
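A defender-side check for the consent risk described above, added here as an example and not taken from the notice: it reviews an export of Microsoft Graph `oauth2PermissionGrants` (delegated consent records) and flags grants that expose mailbox data. The sample records, the IDs in them, and the function name `review_grants` are constructed for illustration.

```python
"""Flag delegated OAuth grants that expose mailbox data (added example)."""
import json

# Delegated Microsoft Graph scopes that expose mailbox content (lowercased).
MAIL_SCOPES = {"mail.read", "mail.readwrite", "mail.send", "mail.readbasic",
               "mail.read.shared", "mail.readwrite.shared", "mail.send.shared"}

# Constructed sample, shaped like a GET /oauth2PermissionGrants response.
SAMPLE_EXPORT = json.dumps({"value": [
    {"id": "grant-1", "clientId": "sp-chat-assistant", "consentType": "Principal",
     "principalId": "user-alice", "resourceId": "sp-graph",
     "scope": "openid profile offline_access Mail.Read"},
    {"id": "grant-2", "clientId": "sp-mail-plugin", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph",
     "scope": "User.Read Mail.ReadWrite Mail.Send"},
    {"id": "grant-3", "clientId": "sp-calendar-tool", "consentType": "Principal",
     "principalId": "user-bob", "resourceId": "sp-graph",
     "scope": "User.Read Calendars.Read offline_access"},
    {"id": "grant-4", "clientId": "sp-chat-assistant", "consentType": "Principal",
     "principalId": "user-carol", "resourceId": "sp-graph", "scope": "mail.read"},
]})


def review_grants(export_json):
    """Return one finding per grant that carries a mail scope, riskiest first."""
    findings = []
    for grant in json.loads(export_json).get("value", []):
        scopes = (grant.get("scope") or "").split()
        mail = sorted(s for s in scopes if s.lower() in MAIL_SCOPES)
        if not mail:
            continue
        findings.append({
            "grant_id": grant["id"],
            "client_id": grant["clientId"],
            "mail_scopes": mail,
            # offline_access lets the app obtain refresh tokens, so access
            # continues without the user signing in (and passing MFA) again.
            "persistent": any(s.lower() == "offline_access" for s in scopes),
            # AllPrincipals = admin consent covering every user in the tenant.
            "tenant_wide": grant.get("consentType") == "AllPrincipals",
            "principal_id": grant.get("principalId"),
        })
    findings.sort(key=lambda f: (not f["tenant_wide"], not f["persistent"],
                                 f["grant_id"]))
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_EXPORT):
        print(finding)
```

Each finding's `client_id` is the service principal to review in Enterprise applications, where the grant can be revoked if the consent was not intended.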