2,530 questions
You can block the device code flow via Conditional access policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows#device-code-flow-policies
Validity of Article on Microsoft Device Code Authentication Threats
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Surjeet Singh
25
Reputation points
Hi Team,
Has anyone evaluated the legitimacy of an article discussing multiple threat actors targeting Microsoft Device Code Authentication? Additionally, what is Microsoft's current stance on this issue? Are there any known fixes or implementations in response to these threats?
The article can be found here: [https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/]. Looking forward to feedback from the community.
Thank you