Forum Discussion

eliekarkafy
Mar 10, 2023

Conditional Access: Token protection (preview)

Token protection creates a cryptographically secure tie between the token and the device (client secret) it's issued to. Without the client secret, the bound token is useless. When a user registers a Windows 10 or newer device in Azure AD, their primary identity is bound to the device. This connection means that any issued sign-in token is tied to the device, significantly reducing the chance of theft and replay attacks. These sign-in tokens are specifically the session cookies in Microsoft Edge and most Microsoft product refresh tokens in this preview release.

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-token-protection 
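
A simplified model of the device binding described in the post, added here as an example; it is not from the post or from Microsoft and does not reproduce Azure AD's actual protocol. It assumes an HMAC proof of possession over a fresh server nonce, and every name in it (`register_device`, `laptop-01`, the sample user) is hypothetical.

```python
# Simplified model of a device-bound token; not Azure AD's real protocol.
import hashlib
import hmac
import json
import os

ISSUER_KEY = os.urandom(32)   # issuer's token-signing key (constructed)
REGISTERED = {}               # device_id -> device secret, filled at registration

def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def register_device(device_id: str) -> bytes:
    """Registration: the device gets a secret that the issuer also records."""
    secret = os.urandom(32)
    REGISTERED[device_id] = secret
    return secret

def issue_token(user: str, device_id: str) -> str:
    """Issue a token whose signed claims name the device it is bound to."""
    body = json.dumps({"sub": user, "device": device_id}, sort_keys=True)
    return body + "." + _mac(ISSUER_KEY, body.encode())

def prove(token: str, device_secret: bytes, nonce: bytes) -> str:
    """Client: MAC the server's fresh nonce plus the token with the device secret."""
    return _mac(device_secret, nonce + token.encode())

def accept(token: str, nonce: bytes, proof: str) -> bool:
    """Server: check the issuer MAC first, then the proof of possession."""
    body, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig, _mac(ISSUER_KEY, body.encode())):
        return False          # claims were altered or token is not ours
    secret = REGISTERED.get(json.loads(body)["device"])
    if secret is None:
        return False          # token names a device that never registered
    return hmac.compare_digest(proof, _mac(secret, nonce + token.encode()))

def demo() -> dict:
    """Constructed scenario: one registered device, then three misuse cases."""
    secret = register_device("laptop-01")
    token = issue_token("alice@example.com", "laptop-01")
    n1, n2 = os.urandom(16), os.urandom(16)
    good = prove(token, secret, n1)
    return {
        "bound_device": accept(token, n1, good),
        "stolen_token_other_key": accept(token, n1, prove(token, os.urandom(32), n1)),
        "replayed_proof_new_nonce": accept(token, n2, good),
        "tampered_claims": accept(token.replace("laptop-01", "laptop-02"), n1, good),
    }
```

Only the first case is accepted: a copied token without the device secret, a captured proof replayed against a new nonce, and a token with edited claims are all rejected.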

 

 
