A new downgrade attack against Microsoft Entra ID has been demonstrated that pushes users onto weaker authentication methods, exposing them to phishing and session hijacking. The attacker's phishing proxy presents a browser user agent that Entra ID treats as lacking FIDO support, so the sign-in flow never offers the user's FIDO credential and instead falls back to a phishable method; the proxy then captures the credentials and the resulting session cookies. FIDO itself is not broken: the downgrade works only where the tenant still permits a weaker fallback, so enforcing a phishing-resistant authentication strength through Conditional Access closes the path. No real-world attacks using this method have been reported yet, but the risk remains significant, particularly in targeted scenarios.
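A hunting query for this pattern, as an added example that is not part of the original article or any Microsoft tooling: it walks constructed Entra ID sign-in records, establishes which users have previously authenticated with a phishing-resistant method, and flags later sign-ins by those users that completed without one. A flag is raised to high severity when the user agent is one a modern FIDO-capable browser would not send, which is the signature of the user-agent spoofing described above. The record shape (userPrincipalName, createdDateTime, userAgent, authenticationDetails[].authenticationMethod) is a simplified approximation of the Microsoft Graph signIn resource, and the browser version floors are assumptions for the example, not Entra ID's own capability table.

```python
"""Hunt for FIDO downgrade sign-ins in Entra ID sign-in records.

Added example, not code from the original article or from Microsoft. The record
shape is a simplified, constructed approximation of the Microsoft Graph signIn
resource (userPrincipalName, createdDateTime, userAgent,
authenticationDetails[].authenticationMethod); treat the field names as
assumptions for illustration, not as a schema guarantee.
"""
import re

# Methods Entra ID treats as phishing-resistant. The strings mirror the
# authenticationMethod values seen in sign-in logs (assumed here).
PHISHING_RESISTANT = {
    "FIDO2 security key",
    "Passkey",
    "Certificate-based authentication",
}

# (pattern, approximate first major version with WebAuthn support). Checked in
# order because a Chromium Edge UA also contains "Chrome/". Version floors are
# approximations for the example, not Entra ID's own capability table.
UA_RULES = [
    (re.compile(r"Edg/(\d+)"), 79),
    (re.compile(r"Chrome/(\d+)"), 67),
    (re.compile(r"Firefox/(\d+)"), 60),
]
# Safari reports its version as "Version/17.1 ... Safari/605.1.15".
SAFARI_RULE = re.compile(r"Version/(\d+)[\d.]* .*Safari/")


def ua_supports_webauthn(ua: str) -> bool:
    """Heuristic: is this a browser Entra ID would offer FIDO sign-in to?"""
    if not ua:
        return False
    for pattern, min_major in UA_RULES:
        m = pattern.search(ua)
        if m:
            return int(m.group(1)) >= min_major
    m = SAFARI_RULE.search(ua)
    # Safari supports WebAuthn only on Apple platforms (13+); a "Safari on
    # Windows" string is a classic downgrade-bait user agent.
    if m and any(p in ua for p in ("Macintosh", "iPhone", "iPad")):
        return int(m.group(1)) >= 13
    return False  # unknown or legacy browser: Entra ID falls back to weaker methods


def methods_used(signin: dict) -> set[str]:
    """Collect every authentication method recorded for one sign-in."""
    return {d["authenticationMethod"] for d in signin.get("authenticationDetails", [])}


def find_downgrades(signins: list[dict]) -> list[dict]:
    """Flag sign-ins by users with FIDO history that completed without a
    phishing-resistant method. Records are processed chronologically so the
    FIDO baseline is built before later sign-ins are judged against it."""
    fido_users: set[str] = set()
    findings = []
    for s in sorted(signins, key=lambda r: r["createdDateTime"]):
        user = s["userPrincipalName"]
        used = methods_used(s)
        if used & PHISHING_RESISTANT:
            fido_users.add(user)  # baseline: this user is enrolled for FIDO
            continue
        if user not in fido_users:
            continue  # never seen FIDO for this user; weak MFA is not a downgrade
        spoofed_ua = not ua_supports_webauthn(s.get("userAgent", ""))
        findings.append({
            "user": user,
            "time": s["createdDateTime"],
            "ip": s.get("ipAddress"),
            "methods": sorted(used),
            # A FIDO user on a browser that "cannot" do FIDO is the downgrade signature.
            "severity": "high" if spoofed_ua else "medium",
        })
    return findings


# Constructed sample sign-in records (not real telemetry).
CHROME_124 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
# A browser string a FIDO-capable user would not normally send: Safari on Windows.
LEGACY_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 "
             "(KHTML, like Gecko) Version/12.1 Safari/605.1.15")

SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-02-03T09:00:00Z",
     "ipAddress": "198.51.100.10", "userAgent": CHROME_124,
     "authenticationDetails": [{"authenticationMethod": "FIDO2 security key"}]},
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-02-03T10:15:00Z",
     "ipAddress": "203.0.113.77", "userAgent": LEGACY_UA,
     "authenticationDetails": [{"authenticationMethod": "Password"},
                               {"authenticationMethod": "Mobile app notification"}]},
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-02-03T11:40:00Z",
     "ipAddress": "198.51.100.10", "userAgent": CHROME_124,
     "authenticationDetails": [{"authenticationMethod": "Password"},
                               {"authenticationMethod": "Text message"}]},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2025-02-03T08:30:00Z",
     "ipAddress": "198.51.100.22", "userAgent": CHROME_124,
     "authenticationDetails": [{"authenticationMethod": "Password"},
                               {"authenticationMethod": "Text message"}]},
]

if __name__ == "__main__":
    for finding in find_downgrades(SAMPLE_SIGNINS):
        print(finding)
```

On the sample data, alice's 10:15 sign-in from an unfamiliar IP with a Safari-on-Windows user agent and a push notification is flagged high; her 11:40 SMS sign-in from a normal browser is flagged medium, since a FIDO-enrolled user falling back to SMS is still worth a look even without user-agent spoofing; bob is ignored because he has never used FIDO. In production the user-agent heuristic is only a signal: the durable fix is to require a phishing-resistant authentication strength so the fallback methods are never offered.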
Tags: fido, phishing, authentication, security, downgrade-attack