Microsoft 365 Device Code Defense
Detecting device code phishing in Microsoft Sentinel: one field, one rule
Every successful device code sign-in is recorded in SigninLogs with `AuthenticationProtocol` set to `deviceCode`. Normal users almost never trigger this. The …
Detection