🔥 3-day streak
Microsoft Identity and Access Administrator38 / 126
Question 38 of 126

Contoso wants to prevent token replay attacks where refresh and access tokens are exported from a compromised device and used elsewhere. Security requires that tokens issued to a user's device are cryptographically bound to that device, so a stolen token cannot be used on a different machine. Which Conditional Access session control should you configure to meet this requirement?

Reviewed for accuracy · Report an issueNext question