First-party apps can be pre-consented in every tenant and may not be restrictable in the same way as third-party apps. When attackers target those apps, the usual consent policy and approval controls lose much of their value. Teams need to treat app exceptions, scopes, and Conditional Access exclusions as live attack surface, not static configuration.
Why This Matters for Security Teams
Microsoft first-party apps create a different consent-phishing problem because the attacker is not always trying to add a suspicious new application. They are often abusing a trusted, pre-approved, and broadly permitted app surface that already fits inside normal enterprise workflows. That makes detection, user education, and consent approval controls much less effective than teams expect. Current guidance suggests treating app trust as an active control plane, not a one-time onboarding decision.
This is especially dangerous in tenants where app exceptions, delegated scopes, or Conditional Access exclusions have accumulated over time. Those exceptions often outlive the original business need and become a hidden privilege path. The pattern aligns with broader NHI abuse trends described in the The 2024 ESG Report: Managing Non-Human Identities, where compromised non-human identities are now a recurring enterprise incident class. Microsoft’s own first-party ecosystem can therefore become a high-trust bridge into mail, files, and identity data. In practice, many security teams discover this only after a legitimate-looking app has already been used to harvest tokens or access sensitive data, rather than through intentional review.
How It Works in Practice
consent phishing works by persuading a user to grant OAuth permissions to an app that looks normal enough to be ignored. With first-party apps, the attacker benefits from an even stronger trust signal because the app may already be allowed in the tenant, widely used by staff, or exempt from some restrictions. That means the adversary is not starting from zero. They are weaponising existing authorization pathways, and those pathways are often harder to block without breaking business operations.
Security teams should focus on the mechanics that make first-party abuse durable:
- Audit which Microsoft first-party apps are pre-consented and which scopes they can request.
- Review delegated permissions and app role assignments separately, because both can expand access.
- Track Conditional Access exclusions as live risk, especially for legacy app compatibility or service accounts.
- Correlate consent events with unusual token use, mailbox access, file enumeration, and lateral movement.
From an identity perspective, the issue is less about whether the app is “Microsoft” and more about what authority it can exercise once consent is granted. This is why models that rely only on static allowlists are weak. Current guidance from NIST Cybersecurity Framework 2.0 supports continuous governance of access pathways, and identity-centric analysis in the 52 NHI Breaches Analysis shows how quickly trusted credentials and tokens become operational attack surface. These controls tend to break down when tenant administrators have layered multiple exceptions over years because the resulting permission graph is too complex to reason about manually.
Common Variations and Edge Cases
Tighter consent controls often increase administrative overhead, requiring organisations to balance usability against reduced attack surface. That tradeoff becomes acute in Microsoft-heavy environments where business teams depend on first-party apps for collaboration, automation, and mobile access. Best practice is evolving, but there is no universal standard for eliminating all consent risk without disrupting productivity.
One common edge case is tenant-wide pre-authorization for apps that appear harmless but can still request broad delegated scopes. Another is inherited access through service principals, where the visible app is not the only identity in play. Teams should also watch for admin-consent workflows that bypass user training entirely, because attackers often prefer privileged consent routes once end users become harder to trick.
For deeper context on how trusted identity surfaces are abused, NHIMG’s Top 10 NHI Issues and the external CISA cyber threat advisories both reinforce the same operational lesson: trust boundaries must be continuously revalidated. These scenarios become especially hard to contain when an organisation treats first-party app trust as permanent instead of reviewing scope, consent, and exclusions after every major change.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Consent abuse often persists through weak secret and token lifecycle controls. |
| OWASP Agentic AI Top 10 | A-04 | Trusted app abuse mirrors how high-authority software paths are exploited at runtime. |
| NIST AI RMF | AI RMF supports continuous governance of risky automation and identity-driven workflows. |
Continuously review app consent, token scope, and revocation so trusted identities do not retain excess access.
Related resources from NHI Mgmt Group
- Why do non-human identities create more risk than many human accounts?
- Why do non-human identities create more remediation risk than many human accounts?
- Why do third-party vendors create extra risk in industrial access models?
- Why do browser-based attacks create extra risk for NHI and human identity programmes?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
