Control: Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.08 - Ensure a Token Protection Conditional Access policy is considered
Configures auditing against a CIS Benchmark item.
Level: 2
This recommendation ensures that issued tokens are only issued to the intended device.
When properly configured, conditional access can aid in preventing attacks involving token theft, via hijacking or reply, as part of the attack flow. Although currently considered a rare event, the impact from token impersonation can be severe.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > Maximum Attestation Duration
- Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.08 - Ensure a Token Protection Conditional Access policy is considered > Attestation
- Azure > CIS v5.0
- Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.08 - Ensure a Token Protection Conditional Access policy is considered
- Azure > CIS v5.0 > 5 - Identity Services
- Azure > CIS v5.0 > 5 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r050208
- tmod:@turbot/cis#/control/categories/v071204
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r050208"
Get Controls
Control Type URI
Category URI
GraphQL
CLI