All posts for the month June, 2023

Fighting AzureAD App registration client secrets – step2: limiting app password lifetime

Disclaimer: the following configurations require Microsoft Entra Workload Identities Premium licence (link) In my previous post, I highlighted the risks of using password credentials for apps and how to spot client secret usage for service principals. This post will focus on limiting password lifetime for apps (scoped to tenant or specific application level) which can […]

No Comments

by Daniel Kovacs on June 18, 2023 • Permalink

Posted in AzureAD, Entra Workload Identities, GraphAPI

Tagged app registration, appManagementPolicy, AzureAD, service principal, workload identities

Posted by Daniel Kovacs on June 18, 2023

https://f12.hu/2023/06/18/fighting-azuread-app-registration-client-secrets-step2-limiting-app-password-lifetime/

Fighting AzureAD App registration client secrets – step1: reviewing client secret usage

Workload identity (including service principals) security keeps bugging me, especially the password credentials (aka client secret). I’m sure there are scenarios where this is the only option, but I see environments where these are used just because it is easier to implement. And one day I woke up and realized how dangerous it can be […]

No Comments

by Daniel Kovacs on June 12, 2023 • Permalink

Posted in AzureAD, GraphAPI, PowerShell

Tagged workload identities

Posted by Daniel Kovacs on June 12, 2023

https://f12.hu/2023/06/12/fighting-azuread-app-registration-client-secrets-step1-reviewing-client-secret-usage/

Archives
Categories
Disclaimer

The information on this website is provided for informational purposes only and I make no warranties, either express or implied. Information in these documents, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user.

The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of my employer.
Social

LinkedIn

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Recent Posts

Recent Comments

Fighting AzureAD App registration client secrets – step2: limiting app password lifetime

Fighting AzureAD App registration client secrets – step1: reviewing client secret usage

Archives

Categories

Disclaimer

Social