The breach pattern that should have ended admin-token defaults years ago
In July 2025, a major SharePoint Server vulnerability — CVE-2025-53770, a deserialization flaw in the on-premises SharePoint codebase — was actively exploited in the wild before a patch was available. CISA issued an emergency directive. By the end of the month, security researchers had documented attacker behavior across dozens of compromised enterprise tenants: the initial RCE was the entry point, but the lateral movement and persistence were enabled by something more boring than a zero-day. The attackers found, in tenant after tenant, third-party application service principals with application-level Microsoft Graph permissions — Sites.ReadWrite.All, Files.ReadWrite.All, Mail.ReadWrite, Chat.ReadWrite.All — and they used those tokens to read everything, exfiltrate everything, and quietly stage further compromise.
The SharePoint zero-day got the headlines. The admin-token harvest got the data.
This is not a SharePoint problem. It is a default-permission-class problem, and it is the unfunded mandate at the center of every cross-platform messaging integration shipping in 2026. Slack apps that request admin.users:read because it is easier than per-user delegation. Microsoft Graph integrations that ask for Channel.ReadWrite.All (application) when Channel.ReadWrite.All (delegated) would suffice. Google Chat Pub/Sub deployments that grant the integration project the chat.bot IAM role at the org level. Zoom Apps that request the account:read:admin scope on installation because the SDK quickstart shows that pattern.
Each of these decisions, in isolation, looks pragmatic. Together, they create a class of cybersecurity risk that the security industry calls token sprawl — and it is the largest under-reported attack surface in modern SaaS.
This essay is the threat model your CISO should already be reading. We walk through what an admin-token compromise actually enables, the SharePoint 2025 disclosure as a case study, the same-class risk in Slack Enterprise Grid bots, Microsoft Teams Graph application permissions, Google Chat Pub/Sub admin scopes, and Zoom App admin scopes. Then we show the SyncRivo design pattern: delegated scopes per user, channel-bounded routing, no admin-token persistence, and why this pattern defuses the bomb without sacrificing functionality.
What "admin-level" permissions actually mean across the four major platforms
The phrase "admin permissions" is overloaded. In the context of cross-platform messaging integrations in 2026, it specifically refers to a set of OAuth scopes or IAM roles that grant the integration the ability to act on behalf of the entire tenant, not on behalf of a specific consenting user.
Microsoft Graph: application vs. delegated permissions
Microsoft Graph distinguishes between application permissions (the app calls Graph as itself, using a client credentials flow, with no user context) and delegated permissions (the app calls Graph on behalf of a signed-in user, using that user's token).
The difference is profound. Application permissions are persistent — the app's client secret or certificate gives it indefinite access. Delegated permissions are per-user — the app only has access to what each consenting user can see, and access is bounded by the user's session.
The high-risk application permissions for cross-platform messaging:
Channel.ReadWrite.All(application): read and write all channels in all teams in the tenant.Chat.ReadWrite.All(application): read and write all chats — including 1:1 and group chats — for all users.Mail.ReadWrite(application): read and write the mailbox of every user.Files.ReadWrite.All(application): read and write any file in OneDrive or SharePoint, for any user.Sites.ReadWrite.All(application): the same scope SharePoint attackers exploited in 2025.User.ReadWrite.All(application): read and modify any user object.
If a vendor requests any of these as application permissions when a delegated alternative exists, the integration is trading your tenant's worst-case blast radius for the vendor's engineering convenience.
Slack: bot-token scopes vs. user-token scopes
Slack OAuth distinguishes between bot tokens (one per workspace, with scopes the installing admin granted) and user tokens (one per user per app, with scopes that user granted).
The high-risk bot scopes:
admin.users:read,admin.users:write: read and modify any user in the workspace, including SCIM provisioning.admin.conversations:read,admin.conversations:write: read and modify any channel, including private channels.channels:read,groups:read,im:read,mpim:read(workspace-wide): read every channel, private channel, DM, and group DM.files:read(workspace-wide): read every file uploaded to the workspace.
A compromised bot token with these scopes is, effectively, a compromised workspace. There is no per-user boundary, no per-channel boundary, no time-of-day boundary unless the integration explicitly enforces one.
Google Chat: per-app vs. service account vs. domain-wide delegation
Google Chat integrations authenticate via Google Cloud service accounts. The risk classes:
- Per-app authentication (chat:bot scope): the bot can only see messages explicitly @-mentioned to it, in spaces it has been added to. Lowest risk.
- Per-user OAuth (
chat.spaces,chat.messagesuser scopes): the integration acts on behalf of a specific user. Per-user blast radius. - Domain-wide delegation: the integration's service account is granted the ability to impersonate any user in the Workspace domain. This is the equivalent of Microsoft Graph application permissions — and it is the configuration that bites organizations during incident response.
Domain-wide delegation is enabled by a single checkbox in the Google Workspace admin console. The audit log entry for that action is one line. The blast radius if the service account's key is leaked is the entire Workspace domain.
Zoom: account-level admin scopes vs. user-level scopes
Zoom Apps distinguish between account-level scopes (granted by the account admin during installation, applicable to the whole account) and user-level scopes (granted by individual users, scoped to each user's data).
The high-risk account-level scopes:
account:read:admin,account:write:admin: full visibility into account settings, billing, user provisioning.recording:read:admin: every recorded meeting in the account.chat_message:read:admin: every Team Chat message in the account.user:read:admin,user:write:admin: every user in the account, including SSO and provisioning.
A compromised admin-scope token grants the attacker the same visibility as the account admin who installed the app — typically a CIO or IT director.
The SharePoint 2025 disclosure: a case study in admin-token blast radius
CVE-2025-53770 was the entry point. The blast radius was determined by what was already in the tenants. Forensic write-ups from multiple incident-response firms in late 2025 documented a consistent five-step pattern: (1) RCE via the SharePoint deserialization flaw; (2) enumeration of the SharePoint farm's Azure AD application registrations; (3) extraction of service principals with broad Graph application permissions — Sites.ReadWrite.All, Files.ReadWrite.All, Mail.ReadWrite — many belonging to long-forgotten third-party SaaS integrations; (4) recovery of those service principals' client credentials from the SharePoint config database; (5) exfiltration of SharePoint sites, OneDrive contents, mailboxes, and Teams messages via Microsoft Graph from anywhere on the internet, without further on-premises access and without tripping most network detections.
The SharePoint zero-day was the door. The admin tokens were the keys to every other room. This pattern — a foothold in one workload becoming tenant-wide compromise via accumulated admin-permission service principals — is the most consistent enterprise breach pattern of 2024-2025. The SharePoint disclosure made it visible. It was not new.
The same-class risk in cross-platform messaging integrations
Most cross-platform messaging integrations shipping in 2026 — including the major iPaaS and federation incumbents — request admin-class permissions on installation. The reasons are pragmatic: tenant-wide tokens are easier to code against than per-user OAuth flows, and most security reviews do not explicitly flag application-permission requests as high-risk.
The threat model: (1) the vendor's token store is compromised via breach, supply-chain attack, or insider threat; (2) the attacker exfiltrates customer client credentials and admin-scope tokens; (3) calling Microsoft Graph, Slack Web API, Google Chat REST API, and Zoom REST API from the vendor's own IP space, the attacker reads and exfiltrates cross-platform messages for every customer of the vendor simultaneously; (4) customer-side detection is delayed because traffic originates from explicitly allowlisted vendor IPs.
This is not hypothetical. In 2025, three separate SaaS supply-chain incidents fit this pattern exactly, with affected customers learning of the breach from the vendor's disclosure rather than their own SIEM. The architectural pattern was identical: admin-scope tokens stored centrally, no per-user delegation, no blast-radius justification in vendor security documentation.
The SyncRivo design pattern: delegated scopes, channel-bounded routing, no admin-token persistence
SyncRivo's federation architecture is designed around the principle that the worst-case blast radius of a SyncRivo compromise must be bounded by the scope of an individual user's consent, not by the scope of an admin's installation decision.
The design pattern has four pillars.
Pillar 1: Delegated OAuth scopes per user
Every action SyncRivo takes against Microsoft Graph, Slack Web API, Google Chat REST API, or Zoom REST API is taken under a delegated OAuth scope that a specific user has explicitly granted. No admin-scope token grants tenant-wide access. The scope sets:
- Microsoft Graph:
Channel.ReadWrite.All(delegated),Chat.ReadWrite(delegated),User.Read,offline_accessfor refresh. - Slack: user-token scopes only —
chat:write,channels:history,channels:read,im:history,mpim:history. Noadmin.*scopes. - Google Chat: per-user OAuth —
chat.spaces,chat.messages.create,chat.messages. No domain-wide delegation, no service-account impersonation. - Zoom: user-level scopes only —
chat_message:read,chat_message:write,chat_channel:read. No*:adminscopes.
Pillar 2: Channel-bounded routing
Even within the delegated-scope grant, SyncRivo enforces a channel-bounded routing policy: the federation only reads and writes messages in channels that have been explicitly enrolled in a federation route by the channel owner.
The implication: a SyncRivo compromise — even of a user's full delegated token — does not expose every channel the user can see. It only exposes the federation-enrolled channels the user is a member of. For a typical enterprise user enrolled in 3-5 federated channels out of dozens they can access, this is a 10-15x reduction in blast radius compared to a token compromise without channel binding.
Pillar 3: No admin-token persistence
SyncRivo does not store admin-scope tokens. Period. There is no client-credential flow against any of the supported platforms in the production codebase. There is no service principal with application permissions in any customer tenant. The audit configuration for every customer's enterprise application registration is verifiable in the customer's tenant logs.
This is an architectural commitment, not a configuration option. The codebase does not have the surface area to operate against admin-scope tokens, which means a future product change cannot quietly re-introduce the risk.
Pillar 4: Per-user revocation as the default offboarding signal
When a user is offboarded from their home tenant — their Microsoft Entra account is disabled, their Slack account is deactivated, their Google account is suspended, their Zoom account is removed — their delegated OAuth grant is revoked as a side effect of the offboarding action your existing process already performs.
There is no separate "remove user from federation" step. There is no risk that an offboarded employee's federation access lingers because someone forgot to update the integration. The federation security boundary is the same boundary as the user's home identity, which is the boundary your IT team has spent decades operationalizing.
A permissions-class comparison
| Risk dimension | Admin-token (application permissions) federation | Delegated-scope (per-user) federation |
|---|---|---|
| Blast radius if vendor is compromised | Entire customer tenant | One user's federation-enrolled channels |
| Blast radius if customer admin is compromised | Entire tenant + all installed apps | Same — but federation does not amplify |
| Compliance review complexity | High (must justify tenant-wide scope) | Low (per-user consent in audit log) |
| Offboarding cleanup | Separate step, must be remembered | Automatic via existing offboarding |
| eDiscovery attribution | Vendor service principal | Real user identity |
| SOC 2 / HIPAA scope | Vendor-side controls in scope | Vendor-side controls plus per-user consent |
| Conditional Access enforcement | Workload Identity policies (per service principal) | Per-user CA policies (existing) |
| Token rotation operational cost | Vendor-managed, opaque to customer | Per-user, automatic via OAuth refresh flow |
| Risk of silent scope expansion | High (scope changes only require admin re-consent) | Low (each user must re-consent to scope changes) |
The framework is straightforward: any time a vendor can deliver the required functionality with delegated scopes, the application-permissions alternative is a negative-value architectural choice for the customer, regardless of how convenient it is for the vendor.
Compliance posture: what this design pattern enables
SyncRivo's compliance posture is materially affected by the no-admin-token architecture.
- SOC 2 Type II audit covering January 1 – December 31, 2025. The audit explicitly tested the absence of admin-token persistence and the per-user delegated-scope flow as a control. The auditor's opinion is available under NDA.
- HIPAA Business Associate Agreement executed with Enterprise tier customers in an average of 11 days. The BAA explicitly references the delegated-scope pattern as a control supporting minimum-necessary access.
- Zero-retention default: messages and files pass through the routing layer without persistent storage. Customers can opt into bounded retention with explicit per-tenant configuration.
- Delegated permissions only: enforced by the absence of admin-scope code paths, not just by policy.
- Per-region data residency for EU, UK, AU, and CA customers.
- No supply-chain admin-token exposure: even a complete compromise of SyncRivo's infrastructure does not yield tenant-wide tokens because no tenant-wide tokens exist.
The full posture is documented at trust.syncrivo.ai. The verifiable claim — verifiable in the customer's own tenant logs — is the most important one: inspect the OAuth scopes SyncRivo requested in your enterprise application consent log, and compare them to any other federation vendor in evaluation. The difference is the threat model.
What to demand from any federation vendor before you sign
A working evaluation checklist:
- The exact OAuth scopes you request on each of Microsoft Graph, Slack, Google Chat, and Zoom — delegated and application scopes listed separately.
- How my tenant's enterprise application consent log will appear after your installation.
- Your token storage architecture: location, encryption, rotation cadence, compromise response.
- The offboarding flow: when a user is disabled in their home tenant, how quickly federation access is revoked.
- Your incident response playbook for a hypothetical token-store compromise.
- A SOC 2 Type II report that explicitly tests OAuth scope handling and token storage as in-scope controls.
- Server-side channel-level access bounds — can I restrict the federation to specific channels, and how is that enforced?
- A regulated-industry customer reference who has run this in production for 90+ days.
Any vendor that hesitates on more than two is selling tenant-wide blast radius disguised as a federation product.
The 2026 regulatory direction
Two 2025-2026 regulatory developments now reference admin-token risk explicitly. SEC cybersecurity disclosure rules have been interpreted to include incidents where the initial cause was a third-party SaaS provider's admin-token compromise — customers cannot offload the 8-K obligation to the vendor. EU NIS2 Directive Article 21 (full enforcement Q1 2026) requires entities to assess SaaS supply-chain risk, with implementation guidance from German, Dutch, and French regulators specifically calling out application-scope OAuth grants as a risk class requiring documented justification.
The regulatory direction is unambiguous: the admin-token default now requires affirmative justification, not silent acceptance.
The deeper architectural implication
If you read only one thing from this essay, read this: the choice between admin-scope and delegated-scope OAuth is not a technical detail. It is the single most important architectural decision in any cross-platform messaging integration.
It determines the worst-case blast radius. It determines the offboarding flow. It determines the eDiscovery attribution. It determines whether your federation vendor is a pass-through or a single point of catastrophic exposure for every customer they serve.
The SharePoint 2025 disclosure made the cost of getting this wrong visible to anyone willing to read the post-mortems. The pattern was not new. The pattern is repeated, today, in dozens of cross-platform messaging integrations that your tenant has installed because someone in IT clicked "consent" on a scope set they did not parse line-by-line.
For the architectural picture of how delegated scopes extend across voice, video, and the full cross-platform messaging surface, see our Teams ↔ Google Chat voice & video interop architecture deep dive. The same delegated-scope, no-admin-token pattern that defuses the messaging-integration time bomb extends cleanly into the real-time voice and video federation surface.
Frequently asked questions
What is the difference between application permissions and delegated permissions in Microsoft Graph? Application permissions allow an app to call Microsoft Graph as itself, using a client credentials flow with no user context, against the entire tenant. Delegated permissions allow an app to call Graph on behalf of a signed-in user, scoped to what that user can see. Application permissions persist as long as the client credential is valid. Delegated permissions are bounded by the user's session and can be revoked by disabling the user's account.
Why are admin-scope OAuth tokens a cybersecurity risk? Admin-scope tokens — application permissions in Microsoft Graph, workspace-wide bot tokens in Slack, domain-wide delegated service accounts in Google, account-level admin scopes in Zoom — grant tenant-wide access. If the token is compromised, the attacker can read and write across the entire tenant without the per-user, per-session boundaries that delegated scopes enforce. The 2025 SharePoint exploitation campaign documented this pattern at scale.
What was the SharePoint 2025 vulnerability and how is it related to admin-token risk? CVE-2025-53770 was a SharePoint Server deserialization vulnerability that allowed remote code execution on the on-premises SharePoint farm. The initial compromise was the entry point, but forensic investigations documented that the lateral movement and data exfiltration were enabled by attackers harvesting admin-scope OAuth tokens from third-party SaaS integrations, then calling Microsoft Graph from anywhere on the internet to exfiltrate tenant data without further on-premises access.
Can a federation vendor work entirely with delegated permissions? Yes. SyncRivo operates with delegated-only scopes across Microsoft Graph, Slack, Google Chat, and Zoom. The architectural cost is moderate — per-user OAuth flows must be built and maintained. The customer-side benefit is profound: blast radius is bounded by individual user consent, not by tenant-wide installation.
How can I audit which third-party apps have admin-scope permissions in my Microsoft Entra tenant?
Microsoft Entra exposes the enterprise application consent log via the admin portal under Enterprise Applications and via Microsoft Graph (/applications and /servicePrincipals endpoints). Filter for service principals with application-class Graph permissions, particularly *.All scopes. Microsoft Entra Permissions Management surfaces the same data with cross-cloud context and dormant-permission detection.
What OAuth scopes does SyncRivo request?
On Microsoft Graph: Channel.ReadWrite.All (delegated), Chat.ReadWrite (delegated), User.Read (delegated), offline_access. On Slack: user-token scopes chat:write, channels:history, channels:read, im:history, mpim:history. On Google Chat: per-user OAuth chat.spaces, chat.messages.create, chat.messages. On Zoom: user-level scopes chat_message:read, chat_message:write, chat_channel:read. No admin or application-class scopes on any platform.
How does the no-admin-token architecture affect compliance posture? SOC 2 Type II audit explicitly tests the absence of admin-token persistence as a control. HIPAA BAA references delegated-scope handling as a minimum-necessary access control. NIS2 supply-chain risk-assessment documentation can reference the verifiable absence of tenant-wide blast radius as a mitigation. Each compliance dimension benefits because the worst-case attacker capability is bounded by per-user consent rather than by tenant-wide scope grants.
What should I do today if I have already installed admin-scope federation integrations? First, audit. Run the enterprise application consent log audit in each platform's admin portal and identify every integration with admin or application-class scopes. Second, classify. Determine which integrations actually require those scopes and which are using them as engineering convenience. Third, replace or constrain. For integrations using admin scopes as convenience, request the vendor's delegated-scope alternative or migrate to a vendor that operates delegated-only. Fourth, monitor. Implement Conditional Access for Workload Identities on every remaining service principal with admin scopes, with IP, time, and resource restrictions.
Take the next step
Admin-level permissions in cross-platform messaging integrations are a cybersecurity time bomb. The 2025 SharePoint disclosure is the most visible evidence, but the pattern is repeated across dozens of integrations your tenant has installed and forgotten.
Three resources will help your security team defuse the bomb:
- The SyncRivo trust posture — SOC 2, HIPAA BAA, and the verifiable delegated-scope-only architecture documented in one place.
- The Federation Threat Model brief — the diagram and analysis we ship to enterprise security reviews, including the comparative blast-radius framework.
- A 60-minute architecture session with the SyncRivo solutions team to walk through your current integration inventory and quantify the blast-radius reduction available from migrating to delegated-scope federation.
The default-permission-class problem will not solve itself. The vendors who built their architectures around admin-scope tokens have a strong incentive not to fix it. The customers will fix it, one integration audit at a time, by demanding delegated scopes as the architectural default — and walking away from any vendor who cannot deliver that pattern.
Ready to connect your messaging platforms?
