Tag
Detects potential session hijacking or token replay in Microsoft Entra ID, where a user signs in and subsequently accesses Microsoft Graph from a different IP address using the same session ID, indicating a successful OAuth phishing attack, session hijacking, or token replay attack.