Definition
Session hijacking is when an attacker uses a stolen session token or cookie to impersonate an already authenticated user.
Why it matters for business
Abuse of an authenticated session token to impersonate a user. Identity and Microsoft 365 decisions often turn on understanding this term clearly.
Example in an SMB context
A growing firm might encounter Session hijacking while hardening Entra ID, reviewing Secure Score, or rolling out stronger MFA for administrators.
Want this applied in your tenant?
Book a free 15-minute review. We can walk your Microsoft 365 and identity posture and recommend a sensible next step—including ImpetraInsights™ when a formal baseline helps.