To counter device code phishing attacks used by Storm-2372, Microsoft proposes blocking device code flow where possible and enforcing Conditional Access policies in Microsoft Entra ID to limit its ...

Disabling device code flow wherever possible. Provide phishing training to all users. Revoke access tokens when Storm-2372 activity is suspected using revokeSignInSessions.

Microsoft has enabled a new policy in Entra ID that has caused many Teams-certified Android devices to be logged out, here's how to log them in again.