Microsoft describes an AI-enhanced “device code” phishing campaign that improves attacker impersonation and luring workflows. The guidance targets organizations and consumers facing MFA and device-sign-in threats.

Microsoft detailed an AI-enabled “device code” phishing campaign designed to bypass user expectations during authentication flows. The technique targets users who authenticate via device sign-in processes (such as granting access through a browser-to-device workflow), then uses impersonation improvements to increase success rates. Microsoft explains that the threat actors enhance their efforts by refining how they appear legitimate and by adjusting lures to match common user behavior—reducing friction and increasing the odds that victims follow instructions. The post emphasizes that MFA prompts and device sign-in screens can still be abused when attackers successfully convince users to approve a malicious authentication request. For defenders and consumers, Microsoft’s analysis highlights practical risk signals: unexpected device codes, mismatched contexts, and prompts that do not align with the user’s actual login attempts. The article also describes mitigation-oriented steps, including tightening identity protections, monitoring authentication anomalies, and educating users to treat device code prompts as high-risk unless confirmed through known-safe channels. Overall, it’s a technical but actionable warning that AI can materially improve social-engineering effectiveness in MFA-adjacent attack paths.