Protecting Against Credential and Token Theft

  • Published 29 Jun 2024
  • In this video I look at credential and token theft and what we can do to protect.
    🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!
    🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
    ▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
    00:00 - Introduction
    00:49 - Credential protection
    05:46 - Authentication strengths
    07:32 - Protection for strong authentication method registration
    08:54 - Additional protections
    11:56 - Shift to token theft
    12:19 - Tokens we get
    13:24 - Secrets on the machine
    15:45 - Primary Refresh Token
    17:42 - Session Key
    19:21 - Refresh and Access Tokens
    21:51 - Token theft
    24:02 - Protections
    24:22 - Entra Internet Access
    26:13 - Machine management
    29:21 - Token binding
    32:20 - Proof of Possession
    37:50 - Token brokers and MSAL
    39:41 - Requiring token binding
    41:59 - Demonstrated Proof of Possession standard
    45:13 - Detection
    45:42 - Continuous Access Evaluation
    46:39 - Identity Protection
    48:16 - Summary
    51:35 - Close
    ▬▬▬▬▬▬ K E Y L I N K S 🔗 ▬▬▬▬▬▬
    ► Whiteboard:
    🔗 raw.githubusercontent.com/joh...
    ► Token Protection
    🔗 learn.microsoft.com/entra/ide...
    🔗 techcommunity.microsoft.com/t...
    #microsoft #passkeys #johnsavillstechnicaltraining

COMMENTS • 27

  • @NTFAQGuy  5 days ago +10

    Hey everyone, wanted to look at credential and token theft as something impacting nearly every organization! Please make sure to read the description for the chapters and key information about this video and others.
    ⚠ P L E A S E N O T E ⚠
    🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there!
    🕰 I don't discuss future content nor take requests for future content so please don't ask 😇
    🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
    👂 Translate the captions to your native language via the auto-translate feature in settings! ua-cam.com/video/v5b53-PgEmI/v-deo.html for a demo of using this feature.
    Thanks for watching!
    🤙

  • @andrew2272kag 5 days ago +21

    Forget oAuth we need jAuth, no-one is stealing tokens from those biceps

  • @chris251188 5 days ago +4

    Thanks again John! I was literally investigating this last week (currently rolling out Yubikeys to Prod), and now this is in my lap! You are the MVP o7

  • @user-gr5ek8nf4s 5 days ago +1

    Savill, Thank you so much! Learn a lot from your series of high quality sharing.

    • @NTFAQGuy  5 days ago

      Happy to hear that!

  • @VaqueroDigital 4 days ago

    Another Great Video John! Thanks for making these great easy to follow lessons!

  • @KenPatterson-vw9yj 5 days ago

    Excellent video. Clear and concise.
    Video disc. The large album-sized ones.

  • @Dikimkd 5 days ago +1

    Great video as always, and very informative and full of knowledge!!! 😎

    • @NTFAQGuy  5 days ago +1

      Glad you enjoyed it!

  • @antoinel44 4 days ago

    Really interesting as always, thank you!

  • @scooter13uk 1 day ago

    Another great video. Less than 300 employees and we have all of this enabled. Good goto this explanation.

    • @NTFAQGuy  1 day ago

      Thanks for watching!

  • @yulaw3289 4 days ago

    enjoying this video for today learning, thanks a lot!

  • @relaxeddave 3 days ago

    Wham! Great video as always.

  • @MoChowdhury-cl5hy 4 days ago

    Great video John, thanks for sharing

  • @GregThomson 5 days ago

    Another great video John. I loved the conditional access piece until I realized it required Entra ID P2. I guess we will have to hope the open standard develops a bit so we all have something we can use.

  • @VirtualPackets 4 days ago

    Thanks again, very nice walk-through 🙂

  • @markdriver8511 4 days ago

    Awesome session thanks :-)

  • @markussveinn 5 days ago

    Awesome, thank you 🙂

  • @tonkabb 5 days ago

    Thank you!!!

  • @mikegibbs6217 5 days ago

    much needed

  • @samikshyadash8176 5 days ago

    Saviour!!!😊