Protected actions are a new preview feature for Azure AD conditional access policies. You can associate protected actions with an authentication context and specify that anyone who wants to use these actions should meet the conditions set in a conditional access policy. Although only a limited set of actions are available in the preview, you can see the value of what Microsoft is doing and how it might apply to actions across the Entra and Azure portals.
Token protection is a new session control (preview) for Azure AD conditional access policies. The idea is to bind a sign-in token to a user’s device to stop attackers attempting to reuse the token to compromise the user’s account. Only a limited set of Microsoft 365 apps support token protection at present, but it’s an idea that should help if token theft becomes as pervasive as some predict.