Posts

Locking Down Device Code Flow: How (and Why) to Block It With Microsoft Entra Conditional Access

When Microsoft first introduced device code flow, it offered developers a clever way to sign in on devices with limited input options—think smart TVs and IoT hardware with no browser. Fast-forward to today, however, and that once-handy flow has become a popular entry point for adversaries who abuse it to bypass defenses such as Multi-Factor Authentication (MFA) prompts or user-risk policies. That’s why Microsoft now recommends most organizations block or tightly restrict device code flow wherever possible. The good news? You can do exactly that (and more) with Conditional Access (CA) policies in Microsoft Entra. In this post we’ll walk through:

- Why device code flow is risky (and why you should audit it first)
- How to block device code flow in a phased, low-risk manner
- How to block authentication transfer to prevent users from hopping an auth session from desktop to mobile
- Best-practice tips for ongoing monitoring and exception handling

1. Why Device Code Flo...

🛡️ Basic Security Measures Every Microsoft 365 Tenant Should Have

Crafting the Perfect Azure Naming Convention: Best Practices and Tips

The Hidden Dangers of Public Services in Incident Response

Best Practices for Event Logging and Threat Detection

Understanding Microsoft’s Multi-Tenant Organization (MTO) in Security Center