From Azure Portal To enable Token Protection Conditional Access Policy: 1. From Azure Home, navigate to Microsoft Entra ID &gt; Security &gt; Conditional Access 2. Create a new policy or modify an existing one 3. Under Assignments, select Users and Target resources as appropriate 4. Under Session controls, select Token protection (preview) 5. Set Require token protection for sign-in sessions to enabled 6. Configure Grant controls as appropriate 7. Set Enable policy to On 8. Click Create or Save Note: Token protection is currently supported for desktop applications accessing Exchange Online and SharePoint Online on Windows devices. Once verified, enter the date that this attestation expires. Note that the date can not be further in the future than is specified in report level Maximum Attestation Duration policy. Set to a blank value to clear the attestation.

Azure > Management Group

Azure > Subscription

Azure > Tenant

Turbot > Folder

Turbot

Azure > Active Directory > Directory

Kubernetes > Cluster

AWS > Account

GitHub > Repository

ServiceNow > Instance

GCP > Project

OCI > Compartment

AWS > Directory Service > Directory

AWS > Data Pipeline > Pipeline [Deprecated]

AWS > VPC > Flow Log

AWS > Region

AWS > EC2 > Instance

GCP > Folder

Azure > Resource Group

Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.08 - Ensure a Token Protection Conditional Access policy is considered

From Azure Portal&#92;n&#92;nTo enable Token Protection Conditional Access Policy:&#92;n  1. From Azure Home, navigate to Microsoft Entra ID &gt; Security &gt; Conditional Access&#92;n  2. Create a new policy or modify an existing one&#92;n  3. Under Assignments, select Users and Target resources as appropriate&#92;n  4. Under Session controls, select Token protection (preview)&#92;n  5. Set Require token protection for sign-in sessions to enabled&#92;n  6. Configure Grant controls as appropriate&#92;n  7. Set Enable policy to On&#92;n  8. Click Create or Save&#92;n&#92;nNote: Token protection is currently supported for desktop applications accessing&#92;nExchange Online and SharePoint Online on Windows devices.&#92;n&#92;nOnce verified, enter the date that this attestation expires. Note that the&#92;ndate can not be further in the future than is specified in&#92;nreport level Maximum Attestation Duration policy.&#92;nSet to a blank value to clear the attestation.&#92;n

Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.08 - Ensure a Token Protection Conditional Access policy is considered > Attestation

Policy: Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.08 - Ensure a Token Protection Conditional Access policy is considered > Attestation

Targets

Primary Policy

Controls

Policy Specification

Category

In Your Workspace

Developers