Session

Demystify Azure AD workload identities

Identities of apps and services (workloads) are gaining privileged access and are used on a wide scale (especially in DevOps or large, highly automated environments).
Attack techniques (for example, in the case of the NOBELIUM attacks) have shown that service principals are used for initial and persistent access (to create a "backdoor" in Azure AD).
Securing credentials, limiting and detecting suspicious access, or managing the lifecycle of workload identities can be a challenge.

Security concepts for privileged user accounts cannot be (fully) applied to non-human identities and are only of limited applicability.
Strict monitoring and classification of these types of identities have often been neglected in the past.

In this session, I would like to give an overview of the different types of workload identities, common (sensitive) use cases, and how attacks or abuse can be mitigated in the different phases of the lifecycle.

- What is a workload identity?
- Different types of workload identities in Azure AD
- Common and real-world use cases
- Management of lifecycle and visibility
- Securing delegated management by Azure AD RBAC
- Monitoring and detection to prevent privilege escalation
- Securing access and protection of workload identities (by Azure AD Conditional Access and Identity Protection)

Thomas Naunheim

Microsoft MVP | Cloud Security Architect @glueckkanja-gab AG

Koblenz, Germany
