Unit 7: Workload Identity Protection
What Are Workload Identities
Workload identities include:
- Service principals.
- Applications.
- Managed identities.
They differ from users because:
- MFA is not possible.
- Secrets must be stored.
- Lifecycle management is weak.
Workload Identity Risk Detection
Detected risks include:
- Suspicious sign-ins.
- Threat intelligence patterns.
- Credential leaks.
- Unusual credential additions.
Workload identity protection requires:
- Entra ID Premium P2.
- Security roles.
Conditional Access for Workloads
Conditional Access can:
- Block risky service principals.
- Protect single-tenant apps.
It does not support:
- Multi-tenant SaaS apps.
- Managed identities.
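The following is an added example, not part of the original unit, showing what a Conditional Access policy for workload identities looks like when created through Microsoft Graph PowerShell. It assumes the Microsoft Graph PowerShell SDK is installed and that Connect-MgGraph has already been run with the Policy.ReadWrite.ConditionalAccess scope; the policy name and the report-only starting state are choices made for this example. The clientApplications scope is what limits the policy to single-tenant service principals, which is why multi-tenant SaaS apps and managed identities listed above fall outside it.

```powershell
# Added example (not from the original unit): a Conditional Access policy that
# blocks sign-ins by single-tenant service principals whose workload identity
# risk level is medium or high. Assumes the Microsoft Graph PowerShell SDK is
# installed and Connect-MgGraph has already been run with the
# Policy.ReadWrite.ConditionalAccess scope.

$policy = @{
    displayName = "Block risky workload identities"    # constructed name
    state       = "enabledForReportingButNotEnforced"  # report-only first; switch to "enabled" after reviewing sign-in logs
    conditions  = @{
        # Scope the policy to service principals registered in this tenant.
        # Multi-tenant SaaS apps and managed identities are not evaluated here.
        clientApplications = @{
            includeServicePrincipals = @("ServicePrincipalsInMyTenant")
            excludeServicePrincipals = @()   # object IDs of any break-glass automation principals
        }
        applications = @{
            includeApplications = @("All")
        }
        # Risk levels come from Workload Identity Risk Detection (Entra ID Premium P2).
        servicePrincipalRiskLevels = @("medium", "high")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

# Create the policy; returns the new policy object including its id.
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Leaving the policy in report-only mode first lets you check the sign-in logs for which service principals would have been blocked before enforcing it, and the excludeServicePrincipals list is where an emergency automation identity would go so a false-positive risk detection cannot lock it out.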