Microsoft 365 users are targeted by phishing attacks exploiting OAuth 2.0 device authorization. Attackers trick users into granting access tokens via emails with misleading content. Tools like Squarephish and Graphish facilitate these campaigns, allowing low-skilled actors to launch sophisticated attacks. Mitigation strategies include implementing Conditional Access policies to block or restrict device code flows.
https://www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/

