When talking about Azure AD security, we tend to put less focus on service principals/app registrations*. But when we take into consideration that these principals can have assigned API permissions and “static” credentials (certificate or password) and that these credentials in the wrong hands can cause serious damage, we may change our attitude. *While “App […]
All posts for the month May, 2023
AzureAD App registrations – the “application” permission + credentials combination security nightmare
by Daniel Kovacs on May 6, 2023
https://f12.hu/2023/05/06/azuread-app-registrations-the-application-permission-credentials-combination-security-nightmare/