J/

Read me updated including screenshots and guidance @KwachSean

https://call4cloud.nl/2024/07/device-attestation-mdm-hardening/

I have a Blocklist on my repo if you'd like to use this instead - benefit is that you can use this to search logs and then consequently block all...

Ran again today same issue {"CA003-Global-AttackSurfaceReduction-AnyApp-AnyPlatform-Block-AuthFlows","createdDateTime":"2025-07-14T10:13:28.9575735Z","modifiedDateTime":"2025-10-24T10:17:01.2527756Z","state":"enabled","deletedDateTime":null,"partialEnablementStrategy":null,"sessionControls":null,"conditions":{"userRiskLevels":[],"signInRiskLevels":[],"clientAppTypes":["all"],"platforms":null,"locations":null,"times":null,"deviceStates":null,"devices":null,"clientApplications":null,"applications":{"includeApplications":["All"],"excludeApplications":[],"includeUserActions":[],"includeAuthenticationContextClassReferences":[],"applicationFilter":null},"users":{"includeUsers":["All"],"excludeUsers":["fc8666d4-67ed-465e-b6bd-0b3071b79293","bd1cb258-2cdc-418b-8d52-ff7e56456d98"],"includeGroups":[],"excludeGroups":[],"includeRoles":[],"excludeRoles":[],"includeGuestsOrExternalUsers":null,"excludeGuestsOrExternalUsers":null},"authenticationFlows":{"transferMethods":"deviceCodeFlow,authenticationTransfer"}},"grantControls":{"operator":"OR","builtInControls":["block"],"customAuthenticationFactors":[],"termsOfUse":[],"[email protected]":"https://graph.microsoft.com/beta/$metadata#policies/conditionalAccessPolicies('636f729c-ca4e-4401-b51d-1da51d729a29')/grantControls/authenticationStrength/$entity","authenticationStrength":null}}