Test whether Conditional Access policies can be bypassed via User-Agent spoofing through ROPC authentication flow.