TP: If you can validate that the OAuth application is sent from an unknown supply, and redirects to the suspicious URL, then a true good is indicated.FP: If you’re able to confirm application has done certain data from SharePoint or OneDrive look for and assortment by means of Graph API by an OAuth app and made an inbox rule to a differen