Hardening Workload Identities in Microsoft Entra ID - Secrets, Service Principals & Secretless Auth
Most tenants have dozens of app registrations with long-lived secrets, no Conditional Access coverage, and zero monitoring. This article covers the full hardening path: credential inventory via Graph, migration from secrets to certificates to workload identity federation (with a decision table by scenario), Conditional Access for service principals, ID Protection risk detections, governance lifecycle, the March 2026 service-principal-less authentication deadline, common hardening mistakes, an SMB quick-start priority list, and an auditor evidence checklist.
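As an added example (not code from the article), the credential-inventory step via Graph can be scripted with the Microsoft.Graph PowerShell SDK: it lists every secret and certificate on every app registration, with its lifetime and expiry, so long-lived secrets can be prioritised for migration. It assumes the Microsoft.Graph module is installed, the signed-in account can consent to Application.Read.All, and the 365-day "long-lived" threshold is a chosen policy value, not one the article prescribes.

```powershell
# Added example: inventory app-registration credentials via Microsoft Graph PowerShell.
# Assumes Microsoft.Graph module is installed; Application.Read.All is sufficient to read credentials metadata.
Connect-MgGraph -Scopes "Application.Read.All"

$now = Get-Date
$longLivedDays = 365   # assumed policy threshold; adjust to the tenant's standard

function Get-CredentialRow {
    param($App, $Cred, [string]$Type)
    # StartDateTime can be missing on very old credentials; lifetime is then unknown.
    $lifetime = if ($Cred.StartDateTime -and $Cred.EndDateTime) {
        [math]::Round((New-TimeSpan -Start $Cred.StartDateTime -End $Cred.EndDateTime).TotalDays)
    } else { $null }
    $status = if ($Cred.EndDateTime -lt $now) { "Expired" }
              elseif ($lifetime -gt $longLivedDays) { "Long-lived" }
              else { "OK" }
    [pscustomobject]@{
        App          = $App.DisplayName
        AppId        = $App.AppId
        Type         = $Type
        KeyId        = $Cred.KeyId
        Created      = $Cred.StartDateTime
        Expires      = $Cred.EndDateTime
        LifetimeDays = $lifetime
        Status       = $status
    }
}

# Only the fields needed for the inventory are requested; secret values themselves are never returned by Graph.
$apps = Get-MgApplication -All -Property "id,appId,displayName,passwordCredentials,keyCredentials"

$report = foreach ($app in $apps) {
    foreach ($c in $app.PasswordCredentials) { Get-CredentialRow -App $app -Cred $c -Type "Secret" }
    foreach ($c in $app.KeyCredentials)      { Get-CredentialRow -App $app -Cred $c -Type "Certificate" }
}

# Secrets come first in the migration path, so surface them ahead of certificates, worst status first.
$report |
    Sort-Object @{Expression = { $_.Type -ne "Secret" }}, @{Expression = { $_.Status -eq "OK" }}, Expires |
    Format-Table App, Type, Status, LifetimeDays, Expires -AutoSize

# CSV copy doubles as auditor evidence for the inventory step.
$report | Export-Csv -Path .\workload-credential-inventory.csv -NoTypeInformation
```

Apps that appear with no rows have no credentials at all and are candidates for removal or for federation rather than a fresh secret.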