
At least one Conditional Access policy is targeting the Device Code authentication flow to limit or block access.

Description

Organizations should get as close as possible to a unilateral block on device code flow, or at least restrict it.

Rationale

Organizations should block or limit device code flow because it can be exploited in phishing attacks, such as those conducted by the Storm-2372 group. Attackers leverage this authentication method to trick users into entering device codes on malicious websites, granting unauthorized access to accounts. Blocking or limiting this flow reduces the attack surface, improves overall security posture, and protects accounts from being compromised through phishing.

How to fix

Configure a Conditional Access policy to block the Device Code authentication flow and limit access to only trusted users and devices or to specific named locations.
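
One way to verify the result from an export of the tenant's policies, as an added example that is not part of the original check's code. It assumes the JSON shape returned by Microsoft Graph `GET /identity/conditionalAccess/policies`; the sample policies and the function names `targets_device_code`, `classify` and `evaluate` are constructed for illustration.

```python
import json

# Constructed sample shaped like the "value" array of the Graph response
# (display names and object ids are made up).
SAMPLE = json.loads("""
[
 {"displayName": "Block device code flow", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["00000000-0000-0000-0000-000000000001"]},
                 "authenticationFlows": {"transferMethods": "deviceCodeFlow,authenticationTransfer"}},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "Device code pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeGroups": ["00000000-0000-0000-0000-000000000002"]},
                 "authenticationFlows": {"transferMethods": "deviceCodeFlow"}},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}, "authenticationFlows": null},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")

def targets_device_code(policy):
    """True when the policy's authentication-flow condition includes device code flow."""
    flows = (policy.get("conditions") or {}).get("authenticationFlows") or {}
    # transferMethods is a flags enum, serialized as a comma-separated string.
    methods = {m.strip() for m in (flows.get("transferMethods") or "").split(",")}
    return "deviceCodeFlow" in methods

def classify(policy):
    """Describe how a policy treats device code flow: action, then scope or enforcement."""
    if not targets_device_code(policy):
        return "not-applicable"
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    action = "block" if "block" in controls else "restrict"
    if policy.get("state") != "enabled":      # disabled or report-only: no protection yet
        return f"{action}-not-enforced"
    users = policy["conditions"].get("users") or {}
    scope = "all-users" if "All" in (users.get("includeUsers") or []) else "scoped"
    return f"{action}-{scope}"

def evaluate(policies):
    """Return (passed, findings); passed means an enforced policy targets device code flow."""
    findings = [(p.get("displayName"), classify(p)) for p in policies]
    passed = any(v != "not-applicable" and not v.endswith("not-enforced") for _, v in findings)
    return passed, findings
```

A `block-scoped` or `restrict-*` finding passes the check but is worth reviewing against the goal of getting as close as possible to a block for everyone, as are any `excludeUsers` entries on the blocking policy.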
