Device code phishing combined with vishing targeting Microsoft Entra: how the OAuth flow gets abused, what to monitor, and how to mitigate.