https://daniyalahmed.dev/tags/entra-id/Recent content in Entra-Id on Daniyal Ahmed | Red Team & Cloud SecurityHugo -- gohugo.ioen-usdaniyal.ahmed@microtechx.com (Daniyal Ahmed)daniyal.ahmed@microtechx.com (Daniyal Ahmed)Thu, 30 Apr 2026 00:00:00 +0000https://daniyalahmed.dev/posts/entra-default-user-permissions-the-open-app-registration-problem/Thu, 30 Apr 2026 00:00:00 +0000daniyal.ahmed@microtechx.com (Daniyal Ahmed)https://daniyalahmed.dev/posts/entra-default-user-permissions-the-open-app-registration-problem/In your Entra ID tenant right now, every one of your users can register an application, assign it Mail.Read permission, consent to it themselves, and start reading their own email programmatically with no admin approval, no alert, and no audit flag. That is the default configuration Microsoft ships. This article asks: who has already done this, what did they access, and how do you find out? This is not a vulnerability in the traditional sense.