#refreshtoken – Public Fediverse posts
Live and recent posts from across the Fediverse tagged #refreshtoken, aggregated by home.social.
I'd like to point out this really interesting article on the topic: Token Theft Talk.
Key points and topics covered:
- Primary Refresh Tokens (PRT) on all operating system platforms have been hardened against theft from day one. The level of protection depends on operating system capabilities, with Windows offering the strongest protection.
- The first line of defense against token theft is protecting your devices by deploying endpoint protections, device management, MFA (and moving towards phishing-resistant credentials), and antimalware.
You can reduce token theft by carefully orchestrating Entra ID security products:
▶ Addressing token theft of sign-in session artifacts: Conditional Access: Token protection policy offers cryptographic protection against replay of stolen tokens.
▶ Addressing token theft of app session artifacts: block usage of stolen access tokens and workload cookies outside of your corporate network by using Conditional Access.
▶ Detecting token theft: enable risk detections with Microsoft Entra ID Protection to elevate user risk when token theft is suspected.
#microsoft #microsoftsecurity #entraid #azuread #azure #idp #token #tokentheft #cloudsecurity #identity #prt #cookies #identityprotection #mfa #cae #conditionalaccess #refreshtoken #token