[Rule Tuning] Entra ID OAuth Authorization Code Grant for Unusual User, App, and Resource #5588

@terrancedejesus

Tunes the Entra ID OAuth Authorization Code Grant for Unusual User, App, and Resource rule to ignore Microsoft Intune and Microsoft Office for Legacy AAD OAuth Auth Code anomalies.

Summary

Removes the following application IDs from the inclusion list to reduce false positives:

  • d3590ed6-52b3-4102-aeff-aad2292ab01c - Microsoft Office
  • 9ba1a5c7-f17a-4de9-a1f1-6178c8d51223 - Microsoft Intune

These applications generate high volumes of OAuth authorization code grant events that trigger anomalies but represent expected, legitimate behavior. Since the rule's release, these two applications have been the primary sources of false positives.
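An added example, not part of the issue or of the rule's own code, that replays a batch of sign-in events against the inclusion list before and after the removal, so a reviewer can see how many alerts go away and which applications stop being covered. It assumes, from the rule's name only, that an alert fires the first time a (user, app, resource) combination is seen; the event field names, the `KEPT_APP` ID, the resource labels and the sample events are constructed.

```python
from collections import Counter

# The two application IDs the issue removes from the inclusion list.
OFFICE = "d3590ed6-52b3-4102-aeff-aad2292ab01c"
INTUNE = "9ba1a5c7-f17a-4de9-a1f1-6178c8d51223"
REMOVED = {OFFICE, INTUNE}
# Constructed placeholder for an application that stays in the list.
KEPT_APP = "00000000-0000-0000-0000-00000000aaaa"
INCLUSION_BEFORE = REMOVED | {KEPT_APP}

# Constructed sign-in events (hypothetical field names and resource labels).
EVENTS = [
    {"user": "alice", "app_id": OFFICE, "resource": "graph"},
    {"user": "alice", "app_id": OFFICE, "resource": "graph"},   # repeat
    {"user": "bob", "app_id": OFFICE, "resource": "graph"},
    {"user": "carol", "app_id": INTUNE, "resource": "intune"},
    {"user": "alice", "app_id": INTUNE, "resource": "graph"},
    {"user": "dave", "app_id": KEPT_APP, "resource": "graph"},
    {"user": "dave", "app_id": KEPT_APP, "resource": "graph"},  # repeat
    {"user": "erin", "app_id": KEPT_APP, "resource": "legacy-aad"},
]

def first_seen_alerts(events, inclusion):
    """Return events that are the first sighting of their
    (user, app, resource) tuple, for apps in the inclusion list only."""
    seen, alerts = set(), []
    for ev in events:
        if ev["app_id"] not in inclusion:
            continue  # app not monitored by the rule
        key = (ev["user"], ev["app_id"], ev["resource"])
        if key not in seen:
            seen.add(key)
            alerts.append(ev)
    return alerts

def tuning_impact(events, before, removed):
    """Compare alert counts with and without the removed app IDs and
    report, per app, how many alerts the tuning no longer produces."""
    old = first_seen_alerts(events, before)
    new = first_seen_alerts(events, set(before) - set(removed))
    dropped = Counter(ev["app_id"] for ev in old if ev["app_id"] in removed)
    return {"before": len(old), "after": len(new),
            "dropped_by_app": dict(dropped)}

if __name__ == "__main__":
    print(tuning_impact(EVENTS, INCLUSION_BEFORE, REMOVED))
```

The `dropped_by_app` counts are also the coverage given up: authorization code grants through those two applications no longer reach this rule at all.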
