Forum Discussion
Himanshu Singh
Jul 17, 2019Iron Contributor
AAD Token ESTSAUTH Cookie Export Import
Assuming this is known already one can easily export the ESTSAUTH cookie from the browser once authenticated with AAD / Office 365, and then import the same on another device and can easily acces...
Himanshu Singh
Jul 29, 2019Iron Contributor
Strange this is not catching anyone's attention,
Please all experts look into this and advise,
By simply exporting and importing the mentioned cookies here user is able to bypass all machine level checks ?
Access from UnManaged Device ?
How to prevent this please suggest
BR,
/HS
- Himanshu SinghSep 16, 2019Iron Contributor
Microsoft is aware of this and is working on introducing new session control feature as part of conditional access with Azure AD