5-Minute Hunt: Detecting Risky Multi-Tenant Apps in Microsoft 365 by Lucie Cardiet

**Executive summary:** This brief hunt explains how misconfigured Microsoft 365 multi-tenant apps create a consent-based attack surface that attackers exploit via OAuth consent phishing and token authority abuse, outlines attacker behaviors and investigative signals, and provides a ready-to-run query to detect when an application's AvailableToOtherTenants property is set to true so SOC teams can identify and remediate unauthorized multi-tenant configurations.