OAuth app policies

 https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy

Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

Create a new OAuth app policy

There are two ways to create a new OAuth app policy. The first way is under Investigate and the second is under Control.

To create a new OAuth app policy:

    Under Investigate, select OAuth apps.

    Filter the apps according to your needs. For example, you can view all apps that request Permission to Modify calendars in your mailbox.

you can set permission policies so that you get automated notifications when an OAuth app meets certain criteria.

Malicious OAuth app consent Scans OAuth apps connected to your environment and triggers an alert when a potentially malicious app is authorized.