Phishing with Device Codes
Microsoft discovered a threat actor using device codes to phish credentials and has provided some guidance for mitigations.
If you are not familiar with device codes chances are you have used a device code if you have used a smart TV.
Your favorite streaming service might give you a 6-digit code to enter into your laptop or cell phone, then you provide your credentials and the TV is now logged in as you. This is a device code, and while it can be used for non-streaming services it is likely not something you would have frequently in use in an enterprise environment.