Sign in to confirm you’re not a bot
This helps protect our community. Learn more

Protecting Against Credential and Token Theft

John Savill's Technical Training
318K subscribers
<__slot-el>
<__slot-el>
25K views 10 months ago #passkeys #johnsavillstechnicaltraining #microsoft
In this video I look at credential and token theft and what we can do to protect. 🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there! 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. ▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬ 00:00 - Introduction 00:49 - Credential protection 05:46 - Authentication strengths 07:32 - Protection for strong authentication method registration 08:54 - Additional protections 11:56 - Shift to token theft 12:19 - Tokens we get 13:24 - Secrets on the machine 15:45 - Primary Refresh Token 17:42 - Session Key 19:21 - Refresh and Access Tokens 21:51 - Token theft 24:02 - Protections 24:22 - Entra Internet Access 26:13 - Machine management 29:21 - Token binding 32:20 - Proof  ...more
...more

Introduction

0:00

Credential protection

0:49

Authentication strengths

5:46

Protection for strong authentication method registration

7:32

Additional protections

8:54

Shift to token theft

11:56

Tokens we get

12:19

Secrets on the machine

13:24

Primary Refresh Token

15:45

Session Key

17:42

Refresh and Access Tokens

19:21

Token theft

21:51

Protections

24:02

Entra Internet Access

24:22

Machine management

26:13

Token binding

29:21

Proof of Possession

32:20

Token brokers and MSAL

37:50

Requiring token binding

39:41

Demonstrated Proof of Possession standard

41:59

Detection

45:13

Continuous Access Evaluation

45:42

Identity Protection

46:39

Summary

48:16

Close

51:35
Protecting Against Credential and Token Theft
655Likes
25,861Views
Jun 242024
In this video I look at credential and token theft and what we can do to protect. 🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there! 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. ▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬ 00:00 - Introduction 00:49 - Credential protection 05:46 - Authentication strengths 07:32 - Protection for strong authentication method registration 08:54 - Additional protections 11:56 - Shift to token theft 12:19 - Tokens we get 13:24 - Secrets on the machine 15:45 - Primary Refresh Token 17:42 - Session Key 19:21 - Refresh and Access Tokens 21:51 - Token theft 24:02 - Protections 24:22 - Entra Internet Access 26:13 - Machine management 29:21 - Token binding 32:20 - Proof of Possession 37:50 - Token brokers and MSAL 39:41 - Requiring token binding 41:59 - Demonstrated Proof of Possession standard 45:13 - Detection 45:42 - Continuous Access Evaluation 46:39 - Identity Protection 48:16 - Summary 51:35 - Close ▬▬▬▬▬▬ K E Y L I N K S 🔗 ▬▬▬▬▬▬ ► Whiteboard: 🔗 https://raw.githubusercontent.com/joh... ► Token Protection 🔗 https://learn.microsoft.com/entra/ide... 🔗 https://techcommunity.microsoft.com/t... ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ 📖 Recommended Learning Path for Azure 🔗 https://learn.onboardtoazure.com 🥇 Certification Content Repository 🔗 https://github.com/johnthebrit/Certif... 📅 Weekly Azure Update 🔗    • Azure Infrastructure Updates   ☁ Azure Master Class 🔗    • Microsoft Azure Master Class v2 (bein...   ⚙ DevOps Master Class 🔗    • DevOps Master Class   💻 PowerShell Master Class 🔗    • PowerShell Master Class   🎓 Certification Cram Videos 🔗    • Microsoft Certification Exam Prep Videos   🧠 Mentoring Content 🔗    • Virtual Mentoring   ❔ Questions? Maybe I answered it in my FAQ 🔗 https://savilltech.com/faq 👕 Cure Childhood Cancer Charity T-Shirt Channel Store 🔗 https://johns-t-shirts-store.creator-... 👂 Enable the subtitles and from there you can translate to your native language via the auto-translate feature in settings!    • YouTube Captions and Auto Translate Q...   for a demo of using this feature. SUBSCRIBE ✅    / @ntfaqguy   #microsoft #passkeys #johnsavillstechnicaltraining

Follow along using the transcript.

John Savill's Technical Training

318K subscribers