Are You Leaving Your Microsoft Graph Tokens Unprotected?

To protect your tenant using conditional access policies without holes you MUST create a baseline conditional access policy that targets All Users and All Resources.

Graph Permissions Explorer: https://graphpermissions.merill.net

Plan conditional access policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/plan-conditional-access

00:00 Bypassing Graph PowerShell blocks
00:30 How access tokens work
03:29 Demo - Stealing access tokens
06:58 Graph Permissions Explorer
07:40 Inject the access token into PowerShell
08:46 Creating a baseline CA policy to protect