Try this first
- 1. Entra > Enterprise applications > All applications. This lists all apps where users have ever clicked 'Accept'.
- 2. Filter by 'Application type: Enterprise applications'. You can ignore Microsoft's own apps. External apps are the interesting ones.
- 3. Per app: review the permissions. 'Read all mail' or 'Send as user' on an app you do not recognize is a red flag.
- 4. Apps no one uses anymore: remove via 'Properties > Delete'. Test first by setting 'Enabled for users to sign-in' to No and see if anyone shouts.
- 5. Require admin consent for risky scopes (Entra > Consent and permissions). Users then cannot self-approve mail-read scopes.
When to bring us in
Apps with 'Mail.ReadWrite' or 'full_access_as_app' scopes from an unknown vendor: call us, do not remove them yourself. Check whether active data transfer is running before you cut anything off.
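The same review as a script, for tenants with too many apps to click through. This is an added example, not part of the original page: it assumes you have exported servicePrincipal and oauth2PermissionGrant objects from Microsoft Graph as JSON, and the function name, the scope mapping and all sample IDs are hypothetical or constructed.

```python
# Portal wording mapped to Graph scope names (the mapping is an assumption).
REVIEW_SCOPES = {"Mail.Read", "Mail.Send"}  # 'Read all mail', 'Send as user'
ESCALATE_SCOPES = {"Mail.ReadWrite", "full_access_as_app"}  # do not remove yourself


def triage(service_principals, grants, ignored_owner_ids):
    """Return one finding per external app that holds a risky scope.
    grants are oauth2PermissionGrant objects (delegated consent). Application
    permissions are stored as appRoleAssignments and are not resolved here.
    """
    apps = {sp["id"]: sp for sp in service_principals}
    findings = {}
    for g in grants:
        sp = apps.get(g["clientId"])
        # Skip orphaned grants and apps owned by tenants you chose to ignore.
        if sp is None or sp.get("appOwnerOrganizationId") in ignored_owner_ids:
            continue
        risky = set((g.get("scope") or "").split()) & (REVIEW_SCOPES | ESCALATE_SCOPES)
        if not risky:
            continue
        f = findings.setdefault(
            sp["id"], {"app": sp["displayName"], "scopes": set(), "tenant_wide": False})
        f["scopes"] |= risky
        # AllPrincipals means consent was granted for every user in the tenant.
        f["tenant_wide"] |= g.get("consentType") == "AllPrincipals"
    for f in findings.values():
        f["action"] = "escalate" if f["scopes"] & ESCALATE_SCOPES else "review"
    return sorted(findings.values(), key=lambda f: (f["action"], f["app"]))


# Constructed sample data in the shape of Graph responses; all IDs are made up.
MS = "00000000-0000-0000-0000-0000000000aa"  # placeholder for Microsoft's tenant ID
SAMPLE_SPS = [
    {"id": "sp-1", "displayName": "Office Portal", "appOwnerOrganizationId": MS},
    {"id": "sp-2", "displayName": "PDF Helper", "appOwnerOrganizationId": "ext-1"},
    {"id": "sp-3", "displayName": "Mail Sync Tool", "appOwnerOrganizationId": "ext-2"},
    {"id": "sp-4", "displayName": "Calendar Widget", "appOwnerOrganizationId": "ext-3"},
]
SAMPLE_GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "scope": "Mail.Read User.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "scope": "Mail.Send"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "scope": " Mail.ReadWrite offline_access"},
    {"clientId": "sp-4", "consentType": "Principal", "scope": "Calendars.Read"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_SPS, SAMPLE_GRANTS, {MS}):
        print(f["action"], f["app"], sorted(f["scopes"]), "tenant-wide" if f["tenant_wide"] else "per-user")
```

Apps marked "escalate" correspond to the bring-us-in case above; apps marked "review" are candidates for the disable-then-delete test in step 4.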
See also
- I think I clicked a phishing link. No shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangely. Sending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codes. Classic problem after a phone upgrade. You are not the first to be locked out.