Entra, tokens, and session hardening in the real world
Identity attack surface: token theft, session hardening, CA policies, and how buyers search for Entra- and M365-specific guidance.
The identity perimeter
Security teams and auditors search for Conditional Access, phishing-resistant credentials, and session controls, usually in the wake of a vendor or peer incident. The working assumption has shifted to a compromised client: rather than trusting the endpoint, the effort goes into protecting refresh tokens and the administrative paths they unlock.
Frequently asked questions
What is token theft in simple terms?
An attacker copies a valid session cookie or refresh token from a victim's device and replays it from a device they should not have. Because the token already represents a completed sign-in, the stolen copy works without a new password or MFA prompt. The defence is phishing-resistant sign-in, device-health requirements, and policies that cap session lifetime and block or step up high-risk use.
Should we block all refresh tokens for admins?
Not wholesale. Admins need high-assurance patterns, not a stricter copy of the generic user policy. The balance is a break-glass account kept outside the policies, short-lived and non-persistent sessions, and separate admin workstations or PAW-style controls where the business will support them.
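The two answers above describe what a detection for token theft and for over-long admin sessions has to look for: the same session material turning up from a new IP and device, and an admin session still in use past the lifetime your policy intends. The script below is an added example and not code from the original page; the record fields (sessionId, userPrincipalName, ipAddress, deviceId, createdDateTime, isAdmin) are assumptions loosely shaped like Entra sign-in log entries, and the sample records are constructed.

```python
"""Flag replayed session tokens and over-long admin sessions in sign-in records.

Added example, not from the original page. Field names are an assumed
schema loosely modelled on Entra sign-in logs; records are constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample records; not real telemetry.
SAMPLE_RECORDS = [
    {"createdDateTime": "2024-05-01T08:00:00Z", "userPrincipalName": "alice@contoso.example",
     "sessionId": "s-100", "ipAddress": "203.0.113.10", "deviceId": "dev-alice", "isAdmin": False},
    {"createdDateTime": "2024-05-01T08:20:00Z", "userPrincipalName": "alice@contoso.example",
     "sessionId": "s-100", "ipAddress": "203.0.113.10", "deviceId": "dev-alice", "isAdmin": False},
    # Same session material, different IP, no registered device: a replayed token.
    {"createdDateTime": "2024-05-01T08:25:00Z", "userPrincipalName": "alice@contoso.example",
     "sessionId": "s-100", "ipAddress": "198.51.100.7", "deviceId": "", "isAdmin": False},
    {"createdDateTime": "2024-05-01T09:00:00Z", "userPrincipalName": "admin-bob@contoso.example",
     "sessionId": "s-200", "ipAddress": "192.0.2.5", "deviceId": "paw-bob", "isAdmin": True},
    # Same device, but the admin session is still alive three hours later.
    {"createdDateTime": "2024-05-01T12:10:00Z", "userPrincipalName": "admin-bob@contoso.example",
     "sessionId": "s-200", "ipAddress": "192.0.2.5", "deviceId": "paw-bob", "isAdmin": True},
]


def _ts(value):
    """Parse the ISO-8601 UTC timestamps used in the records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_anomalies(records, admin_max_age=timedelta(hours=1)):
    """Return alerts as (rule, userPrincipalName, sessionId) tuples.

    token_replay: a sessionId is reused from a different IP or device than
    the one that first established it, i.e. the token left the device it
    was issued to.
    admin_session_too_long: an admin session is still in use more than
    admin_max_age after it was first seen, so refresh material has
    outlived the ceiling you would set for privileged users.
    """
    first_seen = {}  # sessionId -> (ipAddress, deviceId, first timestamp)
    alerts = []
    # Sort so out-of-order ingestion does not mislabel the origin of a session.
    for rec in sorted(records, key=lambda r: _ts(r["createdDateTime"])):
        sid = rec["sessionId"]
        now = _ts(rec["createdDateTime"])
        if sid not in first_seen:
            first_seen[sid] = (rec["ipAddress"], rec["deviceId"], now)
            continue
        ip0, dev0, t0 = first_seen[sid]
        if (rec["ipAddress"], rec["deviceId"]) != (ip0, dev0):
            alerts.append(("token_replay", rec["userPrincipalName"], sid))
        if rec["isAdmin"] and now - t0 > admin_max_age:
            alerts.append(("admin_session_too_long", rec["userPrincipalName"], sid))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_RECORDS):
        print(alert)
```

Treat the IP component as the weaker signal: a user on a mobile network changes address legitimately, so a replay alert on IP alone is noisy, while a session reappearing from a device that never registered is the strong indicator. The admin rule is a detective backstop for the preventive control; the sign-in frequency and persistent-browser settings in the Conditional Access policy are what actually cut the session short.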