Tag
Device code flow phishing lets attackers take over M365 accounts even when MFA is fully enforced — the victim authenticates on a real Microsoft page, the attacker gets the tokens. Storm-2372 has been running this campaign since August 2024. Learn how to detect existing compromise in your Entra ID logs, block the attack via Conditional Access, and avoid breaking Teams Rooms in the process.
