Skip to content

Commit 84582e2

Browse files
MicrosoftGuyJFloMicrosoftGuyJFlo
committed
WIP
1 parent c93e2b6 commit 84582e2

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

articles/active-directory/conditional-access/TOC.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,8 @@
3939
href: service-dependencies.md
4040
- name: Filter for applications
4141
href: concept-filter-for-applications.md
42+
- name: Token binding
43+
href: concept-token-binding.md
4244
- name: Location conditions
4345
href: location-condition.md
4446
- name: Workload identities

articles/active-directory/conditional-access/concept-token-binding.md

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description:
44
ms.service: active-directory
55
ms.subservice: conditional-access
66
ms.topic: conceptual
7-
ms.date: 02/16/2023
7+
ms.date: 02/21/2023
88

99
ms.author: joflore
1010
author: MicrosoftGuyJFlo
@@ -19,8 +19,7 @@ Token binding attempts to reduce attacks using token theft by ensuring a token i
1919

2020
Token binding creates a cryptographically secure tie between the token and the device (client secret) it's issued to. Without the client secret, the bound token is useless. When a user registers a Windows 10 or newer device in Azure AD, their primary identity is [bound to the device](../devices/concept-primary-refresh-token.md#how-is-the-prt-protected). This connection means that any issued sign-in token is tied to the device and can't be stolen or replayed. These sign-in tokens are specifically the session cookies in Microsoft Edge and most Microsoft product refresh tokens.
2121

22-
With this preview, we're giving you the ability to create a Conditional Access policy to require token binding for sign-in tokens for specific services. We support token binding for sign-in tokens in Conditional Access for Exchange online and SharePoint on Windows devices.
23-
22+
With this preview, we're giving you the ability to create a Conditional Access policy to require token binding for sign-in tokens for specific services. We support token binding for sign-in tokens in Conditional Access for Exchange Online and SharePoint Online on Windows devices.
2423

2524
## Requirements
2625

@@ -87,5 +86,4 @@ After confirming your settings using [report-only mode](howto-conditional-access
8786

8887
## Next steps
8988

90-
- [Blog post: It’s time for token binding](https://www.microsoft.com/microsoft-365/blog/2018/08/21/its-time-for-token-binding/)
9189
- [What is a Primary Refresh Token?](../devices/concept-primary-refresh-token.md)

0 commit comments

Comments
 (0)