Forum Discussion
AmiShinu
Jan 09, 2025 · Copper Contributor
Question about "anomalous token" alert
Hi Everyone, I am a security analyst working with Sentinel, and every now and again we get the alert "Anomalous token involving one user". "This detection indicates that there are abnormal characte...
Kidd_Ip
Jan 09, 2025 · MVP
Consider the following:
- Audit and Sign-In Logs: Regularly review audit and sign-in logs to identify any unusual activities. Look for patterns such as logins from unfamiliar locations or devices.
- Multi-Factor Authentication (MFA): Ensure that MFA is enabled for all users. This adds an extra layer of security, making it harder for attackers to use stolen tokens.
- Token Lifetime Policies: Implement strict token lifetime policies to limit the duration for which tokens are valid. This reduces the window of opportunity for attackers to misuse stolen tokens.
- Conditional Access Policies: Use conditional access policies to enforce access controls based on user location, device compliance, and risk level.
- Advanced Threat Protection: Utilize advanced threat protection tools like Microsoft Defender for Cloud Apps to detect and respond to token theft attempts.
- User Education: Educate users about the importance of security hygiene, such as recognizing phishing attempts and securing their devices.
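
Added example, not part of the reply above: one way to carry out the sign-in log review from the first bullet for the user named in an alert, listing recent successful sign-ins whose country, OS and browser combination does not appear in that user's earlier history. It assumes the Microsoft Entra ID connector populates `SigninLogs` and `AADNonInteractiveUserSignInLogs`; the UPN is a placeholder and both time windows are arbitrary choices to tune.

```kql
// Added example (not from the thread). Assumes the Microsoft Entra ID
// connector fills SigninLogs and AADNonInteractiveUserSignInLogs.
let targetUser = "user@example.com";  // placeholder: UPN named in the alert
let recentWindow = 1d;                // period to inspect around the alert
let baselineWindow = 30d;             // history that counts as "familiar"
// Normalize each table separately: DeviceDetail and LocationDetails are
// dynamic in SigninLogs but strings in the non-interactive table.
let interactive = SigninLogs
    | where TimeGenerated > ago(baselineWindow)
    | where UserPrincipalName =~ targetUser and ResultType == "0"
    | project TimeGenerated, IPAddress, Country = Location, UserAgent, AppDisplayName,
              City = tostring(LocationDetails.city),
              DeviceId = tostring(DeviceDetail.deviceId),
              OS = tostring(DeviceDetail.operatingSystem),
              Browser = tostring(DeviceDetail.browser),
              SignInType = "interactive";
let nonInteractive = AADNonInteractiveUserSignInLogs
    | where TimeGenerated > ago(baselineWindow)
    | where UserPrincipalName =~ targetUser and ResultType == "0"
    | extend Loc = parse_json(LocationDetails), Dev = parse_json(DeviceDetail)
    | project TimeGenerated, IPAddress, Country = Location, UserAgent, AppDisplayName,
              City = tostring(Loc.city),
              DeviceId = tostring(Dev.deviceId),
              OS = tostring(Dev.operatingSystem),
              Browser = tostring(Dev.browser),
              SignInType = "non-interactive";
let signins = union interactive, nonInteractive;
// Combinations already seen before the recent window.
let familiar = signins
    | where TimeGenerated <= ago(recentWindow)
    | distinct Country, OS, Browser;
// Recent sign-ins whose combination has no match in the baseline.
signins
| where TimeGenerated > ago(recentWindow)
| join kind=leftanti familiar on Country, OS, Browser
| summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            SignIns = count(), IPs = make_set(IPAddress, 25),
            Apps = make_set(AppDisplayName, 25), UserAgents = make_set(UserAgent, 10)
    by Country, City, OS, Browser, DeviceId, SignInType
| order by FirstSeen asc
```

An empty result means every recent sign-in matched a combination seen in the baseline; rows with an empty `DeviceId` come from devices that are not registered in the tenant.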