FP:?For those who’re?capable to?confirm?app has carried out specific details from SharePoint or OneDrive research and collection via Graph API by an OAuth application and created an inbox rule to a different or personalized external electronic mail account for legit motives. Proposed Action: Dismiss the alert Fully grasp the scope from the breach