Tag
Detection of OAuth phishing in Microsoft Entra ID through Microsoft Authentication Broker (MAB) and Device Registration Service (DRS) indicated by the same user principal and session ID originating from multiple IP addresses within a short timeframe, indicative of unauthorized token acquisition.