Explore credential and token theft protection strategies in this comprehensive 53-minute video tutorial. Learn about various authentication strengths, registration protection methods, and additional safeguards. Dive into the world of token theft, understanding different types of tokens and secrets stored on machines. Discover key protection mechanisms like Entra Internet Access, machine management, token binding, and Proof of Possession. Gain insights into token brokers, MSAL, and the Demonstrated Proof of Possession standard. Explore detection techniques, Continuous Access Evaluation, and Identity Protection. Master essential concepts to enhance your organization's security posture against credential and token theft threats.
Overview
Syllabus
- Introduction
- Credential protection
- Authentication strengths
- Protection for strong authentication method registration
- Additional protections
- Shift to token theft
- Tokens we get
- Secrets on the machine
- Primary Refresh Token
- Session Key
- Refresh and Access Tokens
- Token theft
- Protections
- Entra Internet Access
- Machine management
- Token binding
- Proof of Possession
- Token brokers and MSAL
- Requiring token binding
- Demonstrated Proof of Possession standard
- Detection
- Continuous Access Evaluation
- Identity Protection
- Summary
- Close
Taught by
John Savill's Technical Training
