Forum Discussion
Stolen session token from Edge
We can steal the session token from Edge using tools like Burp Suite or Fiddler to intercept proxy traffic on the mobile phone, even when Edge is MAM-protected by Intune.
This makes the Edge browser unsafe to use for Enterprise Applications on personal mobile.
Recently I discovered https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection in Conditional Access Policy.
However, it is only available for Windows.
I am wondering if anyone knows when it will become available for mobile on the Entra roadmap.
Also, if you know of any Edge configuration I could use to stop Token Theft, please let me know!
Thank you everyone.
1 Reply
- vkeappen (Copper Contributor)
The Microsoft Entra Conditional Access feature “Token Protection” is currently only supported on Windows devices. Support for macOS/iOS is currently in preview.
Refer here for more: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection
In which OS did you test this out?