Microsoft 365 OAuth Device Code Flow and Phishing

February 13, 2023

Microsoft has released a new guide on how to handle OAuth device code flow and phishing attacks using Microsoft 365. This guide provides information about the latest updates to the OAuth device code flow and how to prevent phishing attacks. Detecting phishing via Microsoft Teams also covered.

Updated to prevent phishing attacks

This article highlights several features in Microsoft 365 OAuth Device Code Flow that intended to mitigate phishing attacks. These features are available to Office 365 users as part of their Enterprise E5 subscription plan.

This feature allows users to reuse well-known client application ids. It also includes an additional prompt when signing into an app. This new prompt not designed to remove or bypassed, as it is meant to prevent phishing attacks.

The OAuth authorization protocol used by many cloud applications and is a standard. The protocol is a two-step process, with the first step being the authorization code. The second step is the refresh token. The refresh token is not bound to a particular resource, and obtained in exchange for the resource owner’s credentials.

OAuth phishing attacks involve compromising user information and credentials. These attacks are increasingly sophisticated and use widely-used identity systems. An attacker can mimic a victim’s access or steal credit card details.

The OAuth 2.0 authorization protocol is a standard and used by several third-party cloud applications. The protocol designed to grant limited access to resources. It not intended for use with sensitive information, such as credit card details.

In an OAuth phishing attack, the attacker generates an access token, which then passed to the victim. The access token can use to make API requests.

Man-in-the-middle attack framework used for phishing login credentials and session cookies

The man-in-the-middle attack is a cyberattack that occurs when a third party intercepts a digital conversation between two or more parties. This can result in fraudulent transactions, theft of sensitive personal information, or even identity theft.

The attacker can eavesdrop on the conversation, send phony messages, or alter the conversation in any way he wishes. This allows him to learn confidential information and access other systems. He can also send a user to a fake website, or capture their login credentials.

The man-in-the-middle, or MITM, attack can be tricky to detect. But you can prevent this type of attack with a few simple steps. First, you can change your password. Second, you can change your device’s security settings to require a two-factor authentication (2FA) process. Finally, you can update your devices to avoid common man-in-the-middle tactics.

To minimize the risk of a phishing attack, make sure you don’t use public Wi-Fi. If you do use the network, ensure that it’s encrypted. Likewise, make sure you never share your login credentials with anyone. Using a VPN can also be a good idea.

If you’re a business owner, be aware that a man-in-the-middle hacker can disrupt your business operations and steal your financial data. In 2015, 49 suspects arrested for stealing bank account credentials.

Detection of phishing via Microsoft Teams

If your company uses Microsoft Teams, you need to ensure your security team is aware of the latest phishing threats. The platform used for text, video, and audio conferencing and might also contain sensitive files shared between users.

One of the latest phishing attacks designed to impersonate Microsoft Teams. The message contains a link that takes the recipient to a fraudulent website. This website will ask for account information or login credentials. If the victim provides information, it might used to install malware on their computer.

This is a common tactic in phishing emails. The attackers use a combination of forged URLs, social engineering, and imagery copied from real Microsoft Teams emails. This makes the platform an attractive target for phishing attackers.

The attackers need valid e-mail credentials to access the phishing page. They can obtain these credentials by running a phishing campaign or buying them from initial access brokers.

After acquiring a valid e-mail address, the attacker can begin sending out phishing emails to their targeted users. These phishing campaigns can be highly convincing, but the goal can vary from stealing critical assets to demanding a ransom.

If the malicious executable installed on the user’s device, it can monitor Teams logs. This can help the attacker find out if the messages received and read by the users. Moreover, the malware could then gain access to saved messages.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Preparing Businesses for AI-Powered Security Threats

Preparing Businesses for AI-Powered Security Threats

Preparing businesses for AI-powered security threats. Stay ahead of evolving cybersecurity challenges with proactive strategies and advanced technologies. When AI goes wrong, the repercussions can be devastating. They range from the loss of life if an AI medical...

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs' risk with data broker management. Explore strategies to enhance cybersecurity and safeguard sensitive information in the digital landscape. Every time you use a search engine, social media app or website, buy something online or even fill out a survey...

Vulnerability Prediction with Machine Learning

Vulnerability Prediction with Machine Learning

Advance vulnerability prediction with machine learning. Explore how AI can enhance proactive cybersecurity measures to mitigate potential risks. Machine learning is a field devoted to understanding and building methods that let machines “learn” – that is, methods that...

Recent Case Studies

Mid-size US based firm working on hardware development and provisioning, used DevOps-as-a-...
One of the fastest growing providers of wealth management solutions partnered to build a m...
A US based software startup working on the advancements in genomics diagnostics and therap...

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us