Service accounts with mailbox passwords still power thousands of production flows—and they’re a security nightmare. In this 40-minute, demo-first session you’ll learn how to swap every shared credential for scoped Azure AD app registrations and service-principal connections. We’ll build two hardened patterns live: (1) “Send mail” via Exchange Online with Mail.Send and an Application-Access policy that restricts the app to a single shared mailbox, and (2) “SharePoint permissions” using the new sites. selected scope. You’ll walk away with scripts, custom-connector swagger, and know how that allows you to deploy these connections safely and securely.