For good reasons, device code flow in Entra ID is getting a lot of attention. Attackers heavily use it to get access to Microsoft 365 accounts and data. Device code phishing is very effective, as phishing-resistant MFA, like passkeys, are not helping here. The victim will simply hand over an access token to the attacker.… Read More »How to restrict Device Code Flow in Entra ID
