The bypass was straightforward: by changing the authentication endpoint for Microsoft Graph to that of an unrelated tenant, logon attempts would not appear in the victim's logs. However, verbose error messages would still reveal the validity of User Principal Names (UPNs) and passwords.
References
https://trustedsec.com/blog/full-disclosure-a-look-at-a-recently-patched-microsoft-graph-logging-bypass-graphninja