Authentication flows Protection & Device Registration Service for Intune Enrolment

When I blogged last week about whether it is possible to enrol a device in Intune without ever having to authenticate on the device itself, I wanted to follow it up with additional security measures that organizations may need to consider if they use device code flow for device registration purposes. While Microsoft Entra ID supports a wide range of authentication and authorization flows to provide a seamless experience across all application and device types, device code flow can be misused and exploited to carry out phishing attacks and is therefore considered high-risk. In general, Microsoft recommends blocking it altogether, but that may not always be an option, as indicated in my earlier post. In this post I will cover how to block the authentication flow and how device registration can be allowed in certain scenarios.

Authentication flows in a nutshell

To provide more control over your security posture, Microsoft has provided the ability to control certain authentication flows t...