Session

Beyond Secrets – Securing Workload Identities in Entra ID

App registrations and service principals are everywhere in your tenant – but how well are they actually secured? In most environments, the answer is: not well enough.
This session takes you on a journey through the identity lifecycle of non-human identities in Entra ID. We'll start with the fundamentals – how app registrations, service principals, and managed identities relate to each other and where the security boundaries lie. From there, we'll dive into a commonly overlooked attack vector: client secrets on service principals that can be added via Graph API but are completely invisible in the Entra admin center.
You'll learn how to use App Management Policies to block secret creation at the tenant level and per application, why federated credentials and managed identities should be your default, and how Conditional Access for Workload Identities adds a critical policy layer to control how and from where your non-human identities authenticate.
Expect real-world scenarios, live demos, and actionable takeaways you can implement in your tenant the same week.


Learn how to lock down app registrations and service principals in Entra ID – from blocking secret creation with App Management Policies to enforcing Conditional Access for Workload Identities.

Daniel Fraubaum

Lead Architect Modern Workplace & Security

Vienna, Austria
