Defender-focused analysis of a Microsoft 365 device-code phishing campaign (OAuth device-authorization abuse, MFA-bypassing) - defanged IOCs, Entra hunting, no live samples.
-
Updated
Jul 12, 2026
Defender-focused analysis of a Microsoft 365 device-code phishing campaign (OAuth device-authorization abuse, MFA-bypassing) - defanged IOCs, Entra hunting, no live samples.
Microsoft Entra device code phishing detection lab for Sentinel and Defender XDR
Add a description, image, and links to the device-code-phishing topic page so that developers can more easily learn about it.
To associate your repository with the device-code-phishing topic, visit your repo's landing page and select "manage topics."