Google and Microsoft are tightening identity and OAuth telemetry after stealthy account attacks
Attackers have started abusing OAuth client ID behavior in Microsoft Entra ID to enumerate accounts and evade normal sign-in logging. Proofpoint showed that spoofed client IDs can

