Blog Post

Microsoft Entra Blog
3 MIN READ

Strengthen identity threat detection and response with linkable token identifiers

IdentityHelper's avatar
IdentityHelper
Icon for Microsoft rankMicrosoft
Jul 21, 2025

Linkable token identifiers now GA to trace user sessions across multiple Microsoft 365 and Microsoft Graph workloads to improve security investigations

We’re announcing the general availability of linkable token identifiers, which let you trace a user’s session across workloads from a specific authentication event. This feature improves incident res...
Updated Jul 21, 2025
Version 1.0
defender
entra id
IdentityHelper's avatar
Icon for Microsoft rankMicrosoft
Joined July 16, 2025
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for employees, customers, and non-human identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions powered by AI.
PSCCH's avatar
PSCCH
Copper Contributor
Jul 25, 2025

SessionIDs and unique token identifiers were already used by incident responders in the past. I am really happy to read that Microsoft now wants to actively support this usecase. Though, can you elaborate what exactly is new and GA now? Since sessionIDs and unique token identifiers already existed before I assume Microsoft now works on ensuring that these identifiers are part of every log? Previously these identifiers were missing in e.g. many Teams Audit Log events.

  • Vimala_Ranganathan's avatar
    Vimala_Ranganathan
    Icon for Microsoft rankMicrosoft
    Jul 29, 2025

    With this release we have made sure every Entra token has session id for every root authentication by default and also is logged in Entra sign in logs. Also workloads now log UTI and session id in their logs so admins can start with Entra and join across workload logs to track all the activities performed in a session.