Blog Post
Strengthen identity threat detection and response with linkable token identifiers
SessionIDs and unique token identifiers were already used by incident responders in the past. I am really happy to read that Microsoft now wants to actively support this usecase. Though, can you elaborate what exactly is new and GA now? Since sessionIDs and unique token identifiers already existed before I assume Microsoft now works on ensuring that these identifiers are part of every log? Previously these identifiers were missing in e.g. many Teams Audit Log events.
- Vimala_RanganathanJul 29, 2025
Microsoft
With this release we have made sure every Entra token has session id for every root authentication by default and also is logged in Entra sign in logs. Also workloads now log UTI and session id in their logs so admins can start with Entra and join across workload logs to track all the activities performed in a session.