You report a compromised key — with your confirmation the scenario deactivates it in Microsoft Entra ID, audits the permissions, applies a restriction and reports to Telegram.