Digital Workplace Insights

Hackers Bypassing MFA to Compromise Microsoft 365 Accounts

Key Questions

How are hackers bypassing MFA in Microsoft 365?

Attackers use device code phishing that exploits legitimate MFA flows without needing fake websites or passwords. This targets Microsoft 365 accounts, particularly in accounting firms.

What has the FBI warned about regarding these attacks?

The FBI issued a PSA about emerging phishing scams that compromise Microsoft 365 accounts by bypassing traditional password requirements through device code flows.

How can organizations mitigate device code phishing attacks?

Mitigation includes implementing Conditional Access policies and conducting OAuth app audits. Immediate action is recommended for all Microsoft 365 tenants.
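One way to check the Conditional Access side of this mitigation, as an added example that is not from the original page: the script audits an exported policy list for a rule that blocks the device code flow and separates enforced, scoped and report-only policies. It assumes the policies follow the Microsoft Graph `conditionalAccessPolicy` JSON shape (`state`, `conditions.authenticationFlows.transferMethods`, `grantControls.builtInControls`); the sample policies and the group id placeholder are constructed.

```python
# Added example: audit exported Conditional Access policies for a device code block.
# Assumption: each policy is a dict shaped like Microsoft Graph's conditionalAccessPolicy.

def transfer_methods(policy):
    """Authentication flows the policy conditions on, e.g. {'deviceCodeFlow'}."""
    flows = (policy.get("conditions") or {}).get("authenticationFlows") or {}
    return {m.strip() for m in (flows.get("transferMethods") or "").split(",") if m.strip()}

def blocks_device_code(policy):
    """True when the policy targets device code flow and its grant control is 'block'."""
    grant = policy.get("grantControls") or {}
    return ("deviceCodeFlow" in transfer_methods(policy)
            and "block" in (grant.get("builtInControls") or []))

def audit(policies):
    """Sort device-code-blocking policies by how much protection they really give."""
    report = {"enforced_all_users": [], "enforced_scoped": [], "not_enforced": []}
    for p in policies:
        if not blocks_device_code(p):
            continue
        users = (p.get("conditions") or {}).get("users") or {}
        if p.get("state") != "enabled":  # disabled, or report-only
            report["not_enforced"].append(p["displayName"])
        elif "All" in (users.get("includeUsers") or []):
            report["enforced_all_users"].append(p["displayName"])
        else:
            report["enforced_scoped"].append(p["displayName"])
    report["tenant_covered"] = bool(report["enforced_all_users"])
    return report

# Constructed sample export, not real tenant data; the group id is a placeholder.
SAMPLE = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block device code flow (pilot)",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "authenticationFlows": {"transferMethods": "deviceCodeFlow"}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Block device code flow - finance", "state": "enabled",
     "conditions": {"users": {"includeUsers": [], "includeGroups": ["<finance-group-id>"]},
                    "authenticationFlows": {"transferMethods": "deviceCodeFlow,authenticationTransfer"}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, an MFA requirement alone does not count as coverage, and the report-only and group-scoped policies leave `tenant_covered` false. User and group exclusions on an enforced policy are not evaluated here and still need manual review.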

Device code phishing attacks are targeting accounting firms by exploiting legitimate MFA flows. Mitigation includes Conditional Access policies and OAuth app audits. Immediate action is required for all M365 tenants.

Updated Jun 18, 2026