New research shows 9% of Microsoft Entra SaaS apps are vulnerable to nOAuth abuse, allowing full account takeovers.