Start the audit from /mailbox-audit/<UUID>/start/. Pick Microsoft 365 and you are redirected to Microsoft's consent screen.
What you see on the consent screen
Microsoft displays the exact permissions LeakTrace is requesting — read-only access to mailbox configuration, no message content. Approve to continue. The audit runs immediately after.
If your tenant blocks third-party apps
Many Microsoft 365 tenants are configured to require admin approval for any third-party OAuth app. If you see "An administrator needs to approve this app," forward the request to your IT admin. They can grant tenant-wide consent or whitelist our app ID.
Multiple mailboxes
The audit covers only the mailbox of the user who completes the OAuth consent. To audit other mailboxes, an admin can grant tenant-wide consent and we can scan multiple accounts in one engagement. Contact support to arrange this.