I don't see how this will improve token theft security. The device ID, or whatever that will be, can and will be stolen as well. The only thing that is indeed a major improvement is binding the IP to your JWT token. Also, the mentioning of reauthorization means the whole purpose of JWTs will be rendered useless (decentralized auth). In my opinion SSO/JWT has always been insecure; I appreciate that MS Entra seems to work around it, to improve security...
I'd be interested to know how tokens are linked to a device & if there's potential for spoofing of that identifier by a smart hacker
Which license is required for Token Theft Protection? Entra ID P2 or P1?
P2
Top! Love it. 👌
Smart, was thinking when will this be a thing. No idea how the internal workings are but guess something with TPM chip would be nice :)
❤
This is so useful! Thanks for the amazing explanation. Can't wait to implement this for my customers :)
Very useful. I concur that is a rising problem, so will be checking these options out soon.
Is the device ID the device's MAC address? That is very easy to spoof!
Stop yelling at me! Wait, I think I now understand token theft retention...Keep yelling at me!
So funny!