Demystify Microsoft Entra ID workload identities

Identities of apps and services (workloads) are gaining privileged access and are used on a wide scale, especially in DevOps or large, highly automated environments.
Attack techniques (for example, in the NOBELIUM attacks) have shown that service principals are used for initial and persistent access (to create a "backdoor" in Microsoft Entra ID).
Securing credentials, limiting and detecting suspicious access, and managing the lifecycle of workload identities can be a challenge.

Security concepts for privileged user accounts cannot be (fully) applied to non-human identities and are only of limited applicability.
Strict monitoring and classification of these types of identities have often been neglected in the past.

In this session, I would like to give an overview of the different types of workload identities, common (sensitive) use cases, and how attacks or abuse can be mitigated in the different phases of the lifecycle.

- What is a workload identity?
- Different types of workload identities in Entra ID
- Common and real-world use cases
- Management of lifecycle and visibility
- Securing delegated management by Entra ID RBAC
- Monitoring and detection to prevent privilege escalation
- Securing access and protection of workload identities (by Entra Conditional Access and Identity Protection)

Thomas Naunheim

Microsoft MVP | Cyber Security Architect @glueckkanja AG

Koblenz, Germany
