In the November 2023 – What’s New in Microsoft Entra Identity & Security w/ Microsoft Security CxE identity episode, a public preview feature of Entra Workload ID premium license was presented (link) which was actually announced on November 9th (link). I really love the idea of restricting application key credentials to a predefined list of […]
https://f12.hu/2023/12/11/entra-workload-identities-trusted-certificate-authorities-public-preview/
Back in the days, I wrote about the Entra Workload Identities Premium licence and it’s very appealing capabilities (link). One of my favorites was the defaultAppManagementPolicy which can (also) restrict the lifetime of (new) password credentials created for an application. Well, it looks like I was too restrictive which led to the error message in […]
https://f12.hu/2023/11/12/entra-workload-identites-passwordlifetime-policy-vs-entra-id-application-proxy-application-operation-failed/
Disclaimer: the following configurations require Microsoft Entra Workload Identities Premium licence (link) Note: This post is not strictly related to fighting client secret usage for apps. However, it may provide a basis for considering the purchase of Microsoft Entra Workload Identities Premium licence for at least those apps that use client secret. In my previous […]
https://f12.hu/2023/08/12/fighting-azuread-app-registration-client-secrets-step3-using-conditional-access-for-workload-identities-custom-security-attributes/
Disclaimer: the following configurations require Microsoft Entra Workload Identities Premium licence (link) In my previous post, I highlighted the risks of using password credentials for apps and how to spot client secret usage for service principals. This post will focus on limiting password lifetime for apps (scoped to tenant or specific application level) which can […]
https://f12.hu/2023/06/18/fighting-azuread-app-registration-client-secrets-step2-limiting-app-password-lifetime/