A nuance in the Entra ID Resource Owner Password Credentials (ROPC) protocol allows attackers with compromised credentials to authenticate against a permissive external tenant, generating a 'Sign-in: Success' log in the victim's home tenant. While this cross-tenant authentication does not grant access to the victim's data, it effectively poisons UEBA models and floods the SOC with false positive alerts, creating significant operational disruption and compromising log integrity.