At least one Conditional Access policy is targeting the Device Code authentication flow.
Why This Matters
Device Code authentication flow allows users to sign in on devices without full browsers, such as smart TVs or command-line tools. Without a Conditional Access policy targeting this flow, attackers can exploit it to bypass security controls like multifactor authentication, increasing the risk of unauthorized access to your tenant.
What Aether365 Checks
Aether365 verifies that at least one Conditional Access policy is configured to target the Device Code authentication flow. This check appears in your Aether365 dashboard under the microsoft-365 category.