Microsoft leaves mitigation of this known and quite powerful phishing vector behind additional licensing requirements. You cannot reliably block Microsoft Entra device code flow without Entra ID Premium P1.

Password managers, FIDO keys will not help you as the authentication flow is happening in Microsoft servers.