Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found

**Executive summary:** Nyxgeek documents four distinct Azure Entra ID sign-in log bypasses (GraphNinja, GraphGhost, GraphGoblin, and a long User-Agent exploit) that enable password validation or full token issuance without generating sign-in logs; the report includes PoCs, screenshots, detection KQL for identifying missing sign-in records via Graph activity, a disclosure timeline, and commentary on Microsoft’s remediation and bounty handling.